Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
t1hz2L221F.exe

Overview

General Information

Sample Name:t1hz2L221F.exe
Analysis ID:751341
MD5:1a5c0c52cd2e7bb1929b90b191325b64
SHA1:52cdefeec4bccff4e0d0b43e7712aaa0aeaf6ca1
SHA256:8f24e6ddba21d619abef75b15916c8817522cfbd8dfc05dfa0663f1caffee3bc
Tags:exeRedLineStealer
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Tries to steal Crypto Currency Wallets
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Classification

Process Tree

  • System is w10x64
  • t1hz2L221F.exe (PID: 1312 cmdline: C:\Users\user\Desktop\t1hz2L221F.exe MD5: 1A5C0C52CD2E7BB1929B90B191325B64)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["185.143.223.31:14433"], "Bot Id": "zeus", "Message": "Error Code: 0x800F0922\u201d Failed to install Updates on Windows \u00b7 Run the Windows Update Troubleshooter", "Authorization Header": "0a4e17c920915cf1addb54d994094181"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
t1hz2L221F.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    t1hz2L221F.exeMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
    • 0x211a8:$pat14: , CommandLine:
    • 0x18d60:$v2_1: ListOfProcesses
    • 0x18aec:$v4_3: base64str
    • 0x19b7f:$v4_4: stringKey
    • 0x16708:$v4_5: BytesToStringConverted
    • 0x15770:$v4_6: FromBase64
    • 0x16edc:$v4_8: procName
    • 0x1725f:$v5_1: DownloadAndExecuteUpdate
    • 0x189fc:$v5_2: ITaskProcessor
    • 0x1724d:$v5_3: CommandLineUpdate
    • 0x1723e:$v5_4: DownloadUpdate
    • 0x178f0:$v5_5: FileScanning
    • 0x16a77:$v5_7: RecordHeaderField
    • 0x16496:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT

    PCAP (Network Traffic)

    SourceRuleDescriptionAuthorStrings
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
      dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        00000000.00000000.293715120.0000000000012000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                Process Memory Space: t1hz2L221F.exe PID: 1312JoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  Click to see the 1 entries

                  Unpacked PEs

                  SourceRuleDescriptionAuthorStrings
                  0.0.t1hz2L221F.exe.10000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    0.0.t1hz2L221F.exe.10000.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                    • 0x211a8:$pat14: , CommandLine:
                    • 0x18d60:$v2_1: ListOfProcesses
                    • 0x18aec:$v4_3: base64str
                    • 0x19b7f:$v4_4: stringKey
                    • 0x16708:$v4_5: BytesToStringConverted
                    • 0x15770:$v4_6: FromBase64
                    • 0x16edc:$v4_8: procName
                    • 0x1725f:$v5_1: DownloadAndExecuteUpdate
                    • 0x189fc:$v5_2: ITaskProcessor
                    • 0x1724d:$v5_3: CommandLineUpdate
                    • 0x1723e:$v5_4: DownloadUpdate
                    • 0x178f0:$v5_5: FileScanning
                    • 0x16a77:$v5_7: RecordHeaderField
                    • 0x16496:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT

                    Sigma Signatures

                    No Sigma rule has matched

                    Snort Signatures

                    Timestamp:192.168.2.4185.143.223.3149696144332850027 11/22/22-04:57:10.394818
                    SID:2850027
                    Source Port:49696
                    Destination Port:14433
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:192.168.2.4185.143.223.3149696144332850286 11/22/22-04:57:30.788857
                    SID:2850286
                    Source Port:49696
                    Destination Port:14433
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:185.143.223.31192.168.2.414433496962850353 11/22/22-04:57:11.905752
                    SID:2850353
                    Source Port:14433
                    Destination Port:49696
                    Protocol:TCP
                    Classtype:A Network Trojan was detected

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Multi AV Scanner detection for submitted file
                    Source: t1hz2L221F.exeVirustotal: Detection: 59%Perma Link
                    Machine Learning detection for sample
                    Source: t1hz2L221F.exeJoe Sandbox ML: detected
                    Source: t1hz2L221F.exeMalware Configuration Extractor: RedLine {"C2 url": ["185.143.223.31:14433"], "Bot Id": "zeus", "Message": "Error Code: 0x800F0922\u201d Failed to install Updates on Windows \u00b7 Run the Windows Update Troubleshooter", "Authorization Header": "0a4e17c920915cf1addb54d994094181"}
                    Source: t1hz2L221F.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: t1hz2L221F.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h0_2_06EFF5E8
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 4x nop then jmp 06EFCEFBh0_2_06EFCC20
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 4x nop then jmp 06EFC010h0_2_06EFBE6A
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 4x nop then jmp 06EFC010h0_2_06EFBE78
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 4x nop then jmp 06EF0F80h0_2_06EF0F68
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 4x nop then jmp 06EF1DB2h0_2_06EF1990
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 4x nop then jmp 06EF2232h0_2_06EF1990

                    Networking

                    barindex
                    Snort IDS alert for network traffic
                    Source: TrafficSnort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.4:49696 -> 185.143.223.31:14433
                    Source: TrafficSnort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49696 -> 185.143.223.31:14433
                    Source: TrafficSnort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 185.143.223.31:14433 -> 192.168.2.4:49696
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: 185.143.223.31:14433
                    Source: Joe Sandbox ViewASN Name: INFORMTECH-ASRU INFORMTECH-ASRU
                    Source: global trafficTCP traffic: 192.168.2.4:49696 -> 185.143.223.31:14433
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.143.223.31
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                    Source: t1hz2L221F.exe, 00000000.00000003.364623869.0000000009171000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000003.364699003.0000000009184000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c/g
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faulth
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: t1hz2L221F.exe, 00000000.00000002.372539361.0000000002758000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: t1hz2L221F.exe, 00000000.00000002.372539361.0000000002758000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: t1hz2L221F.exe, 00000000.00000002.372539361.0000000002758000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Responseem5d
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Responseem5d
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: t1hz2L221F.exe, 00000000.00000002.372539361.0000000002758000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: t1hz2L221F.exe, 00000000.00000002.372539361.0000000002758000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: t1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: t1hz2L221F.exeString found in binary or memory: https://api.ip.sb/ip
                    Source: t1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: t1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: t1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: t1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: t1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                    Source: t1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                    Source: t1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                    Source: t1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: t1hz2L221F.exe, type: SAMPLEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.0.t1hz2L221F.exe.10000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: t1hz2L221F.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: t1hz2L221F.exe, type: SAMPLEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.0.t1hz2L221F.exe.10000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_023509080_2_02350908
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_04E3E48C0_2_04E3E48C
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_04E32C880_2_04E32C88
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_04E30C080_2_04E30C08
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_04E34B380_2_04E34B38
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_04E353B00_2_04E353B0
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EFF5E80_2_06EFF5E8
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EFC2900_2_06EFC290
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EFB3C00_2_06EFB3C0
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF06800_2_06EF0680
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF24C80_2_06EF24C8
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EFF5DA0_2_06EFF5DA
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF12E20_2_06EF12E2
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF12F00_2_06EF12F0
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF30780_2_06EF3078
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF00400_2_06EF0040
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF00060_2_06EF0006
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EFD1E00_2_06EFD1E0
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF3D6F0_2_06EF3D6F
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF19820_2_06EF1982
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF19900_2_06EF1990
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF99280_2_06EF9928
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF99180_2_06EF9918
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs t1hz2L221F.exe
                    Source: t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs t1hz2L221F.exe
                    Source: t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs t1hz2L221F.exe
                    Source: t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ll,\\StringFileInfo\\040904B0\\OriginalFilename vs t1hz2L221F.exe
                    Source: t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs t1hz2L221F.exe
                    Source: t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXED vs t1hz2L221F.exe
                    Source: t1hz2L221F.exe, 00000000.00000000.293753241.0000000000044000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBudgies.exe4 vs t1hz2L221F.exe
                    Source: t1hz2L221F.exeBinary or memory string: OriginalFilenameBudgies.exe4 vs t1hz2L221F.exe
                    Source: t1hz2L221F.exeVirustotal: Detection: 59%
                    Source: t1hz2L221F.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeFile created: C:\Users\user\AppData\Local\YandexJump to behavior
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/1@0/1
                    Source: t1hz2L221F.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                    Source: t1hz2L221F.exe, BrEx.csBase64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
                    Source: 0.0.t1hz2L221F.exe.10000.0.unpack, BrEx.csBase64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
                    Source: t1hz2L221F.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: t1hz2L221F.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: t1hz2L221F.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_02358976 push es; retf 0_2_02358977
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_04E36904 push E801025Eh; ret 0_2_04E36909
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeCode function: 0_2_06EF7E7D pushfd ; retf 0_2_06EF7E7E
                    Source: t1hz2L221F.exeStatic PE information: 0xCC10F70D [Tue Jun 28 17:44:45 2078 UTC]
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\Desktop\t1hz2L221F.exe TID: 5860Thread sleep count: 9588 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exe TID: 5088Thread sleep time: -22136092888451448s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeRegistry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWindow / User API: threadDelayed 9588Jump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Users\user\Desktop\t1hz2L221F.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: t1hz2L221F.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.t1hz2L221F.exe.10000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.293715120.0000000000012000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: t1hz2L221F.exe PID: 1312, type: MEMORYSTR
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ElectrumE#
                    Source: t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ll1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: t1hz2L221F.exe, 00000000.00000002.372539361.0000000002758000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                    Source: t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\wallets
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ExodusE#
                    Source: t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: EthereumE#
                    Source: t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ll5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                    Source: C:\Users\user\Desktop\t1hz2L221F.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: Yara matchFile source: 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: t1hz2L221F.exe PID: 1312, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: t1hz2L221F.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.t1hz2L221F.exe.10000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.293715120.0000000000012000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: t1hz2L221F.exe PID: 1312, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                    Valid Accounts221
                    Windows Management Instrumentation                    		Path InterceptionPath Interception1
                    Masquerading                    		1
                    OS Credential Dumping                    		22
                    Security Software Discovery                    		Remote Services1
                    Archive Collected Data                    		Exfiltration Over Other Network Medium1
                    Encrypted Channel                    		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                    Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                    Disable or Modify Tools                    		LSASS Memory11
                    Process Discovery                    		Remote Desktop Protocol3
                    Data from Local System                    		Exfiltration Over Bluetooth1
                    Non-Standard Port                    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)231
                    Virtualization/Sandbox Evasion                    		Security Account Manager231
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
                    Application Layer Protocol                    		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)21
                    Obfuscated Files or Information                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                    Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                    Timestomp                    		LSA Secrets123
                    System Information Discovery                    		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    t1hz2L221F.exe59%VirustotalBrowse
                    t1hz2L221F.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                    http://tempuri.org/0%URL Reputationsafe
                    http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                    http://ns.adobe.c/g0%URL Reputationsafe
                    http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id90%URL Reputationsafe
                    http://tempuri.org/Entity/Id80%URL Reputationsafe
                    http://tempuri.org/Entity/Id50%URL Reputationsafe
                    http://tempuri.org/Entity/Id40%URL Reputationsafe
                    http://tempuri.org/Entity/Id70%URL Reputationsafe
                    http://tempuri.org/Entity/Id60%URL Reputationsafe
                    http://tempuri.org/Entity/Id19Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id15Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id6Response0%URL Reputationsafe
                    https://api.ip.sb/ip0%URL Reputationsafe
                    http://tempuri.org/Entity/Id9Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id200%URL Reputationsafe
                    http://tempuri.org/Entity/Id210%URL Reputationsafe
                    http://tempuri.org/Entity/Id220%URL Reputationsafe
                    http://tempuri.org/Entity/Id230%URL Reputationsafe
                    http://tempuri.org/Entity/Id240%URL Reputationsafe
                    http://tempuri.org/Entity/Id24Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id1Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id100%URL Reputationsafe
                    http://tempuri.org/Entity/Id110%URL Reputationsafe
                    http://tempuri.org/Entity/Id120%URL Reputationsafe
                    http://tempuri.org/Entity/Id16Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id130%URL Reputationsafe
                    http://tempuri.org/Entity/Id140%URL Reputationsafe
                    http://tempuri.org/Entity/Id150%URL Reputationsafe
                    http://tempuri.org/Entity/Id160%URL Reputationsafe
                    http://tempuri.org/Entity/Id160%URL Reputationsafe
                    http://tempuri.org/Entity/Id170%URL Reputationsafe
                    http://tempuri.org/Entity/Id180%URL Reputationsafe
                    http://tempuri.org/Entity/Id5Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id190%URL Reputationsafe
                    http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id8Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id23Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id19Responseem5d0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Textt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/ws/2005/02/sc/sctt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://duckduckgo.com/chrome_newtabt1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://duckduckgo.com/ac/?q=t1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://tempuri.org/Entity/Id12Responset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://tempuri.org/t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://tempuri.org/Entity/Id2Responset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://ns.adobe.c/gt1hz2L221F.exe, 00000000.00000003.364623869.0000000009171000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000003.364699003.0000000009184000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://tempuri.org/Entity/Id21Responset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrapt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id9t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/ws/2004/08/addressing/faultht1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/Entity/Id8t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://tempuri.org/Entity/Id5t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Preparet1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://tempuri.org/Entity/Id4t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Entity/Id7t1hz2L221F.exe, 00000000.00000002.372539361.0000000002758000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Entity/Id6t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecrett1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id19Responset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issuet1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Abortedt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequencet1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/faultt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2004/10/wsatt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://tempuri.org/Entity/Id15Responset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namet1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renewt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoor/Registert1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://tempuri.org/Entity/Id6Responset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://api.ip.sb/ipt1hz2L221F.exefalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://schemas.xmlsoap.org/ws/2004/04/sct1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancelt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://tempuri.org/Entity/Id9Responset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=t1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://tempuri.org/Entity/Id20t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://tempuri.org/Entity/Id21t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://tempuri.org/Entity/Id22t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://tempuri.org/Entity/Id23t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://tempuri.org/Entity/Id24t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issuet1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://tempuri.org/Entity/Id24Responset1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://tempuri.org/Entity/Id1Responset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=t1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedt1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Replayt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegot1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binaryt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2004/08/addressingt1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuet1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Completiont1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/trustt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://tempuri.org/Entity/Id10t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://tempuri.org/Entity/Id11t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://tempuri.org/Entity/Id12t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://tempuri.org/Entity/Id16Responset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancelt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://tempuri.org/Entity/Id13t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://tempuri.org/Entity/Id14t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://tempuri.org/Entity/Id15t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://tempuri.org/Entity/Id16t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            		unknown
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/Noncet1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://tempuri.org/Entity/Id17t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id18t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id5Responset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id19t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnst1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://tempuri.org/Entity/Id10Responset1hz2L221F.exe, 00000000.00000002.372539361.0000000002758000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/Renewt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://tempuri.org/Entity/Id8Responset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://schemas.xmlsoap.org/ws/2006/02/addressingidentityt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://schemas.xmlsoap.org/soap/envelope/t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://search.yahoo.com?fr=crmas_sfpft1hz2L221F.exe, 00000000.00000002.371382616.00000000025A6000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.371832839.0000000002632000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372493483.000000000274B000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.372200340.00000000026BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1t1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trustt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollbackt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://tempuri.org/Entity/Id19Responseem5dt1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		unknown
                                                                                                                                        http://tempuri.org/Entity/Id23Responset1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, t1hz2L221F.exe, 00000000.00000002.370543999.0000000002401000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        		unknown
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTt1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/06/addressingext1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wscoort1hz2L221F.exe, 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high

                                                                                                                                              World Map of Contacted IPs

                                                                                                                                              • No. of IPs < 25%
                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                              • 75% < No. of IPs

                                                                                                                                              Public IPs

                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                              185.143.223.31
                                                                                                                                              		unknownRussian Federation
                                                                                                                                              		204718INFORMTECH-ASRUtrue

                                                                                                                                              General Information

                                                                                                                                              Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                              Analysis ID:751341
                                                                                                                                              Start date and time:2022-11-22 04:56:09 +01:00
                                                                                                                                              Joe Sandbox Product:CloudBasic
                                                                                                                                              Overall analysis duration:0h 4m 10s
                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                              Report type:full
                                                                                                                                              Sample file name:t1hz2L221F.exe
                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                              Number of analysed new started processes analysed:1
                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                              Technologies:
                                                                                                                                              • HCA enabled
                                                                                                                                              • EGA enabled
                                                                                                                                              • HDC enabled
                                                                                                                                              • AMSI enabled
                                                                                                                                              Analysis Mode:default
                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                              Detection:MAL
                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@1/1@0/1
                                                                                                                                              EGA Information:Failed
                                                                                                                                              HDC Information:Failed
                                                                                                                                              HCA Information:
                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                              • Number of executed functions: 193
                                                                                                                                              • Number of non-executed functions: 17
                                                                                                                                              Cookbook Comments:
                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                              • Stop behavior analysis, all processes terminated

                                                                                                                                              Warnings

                                                                                                                                              • Execution Graph export aborted for target t1hz2L221F.exe, PID 1312 because it is empty
                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                              Simulations

                                                                                                                                              Behavior and APIs

                                                                                                                                              TimeTypeDescription
                                                                                                                                              04:57:23API Interceptor55x Sleep call for process: t1hz2L221F.exe modified

                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                              IPs

                                                                                                                                              No context

                                                                                                                                              Domains

                                                                                                                                              No context

                                                                                                                                              ASNs

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                              INFORMTECH-ASRUGxc2iCkQEg.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.72
                                                                                                                                              QYVPYIyjjj.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.15
                                                                                                                                              A.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.25
                                                                                                                                              TcGM2SBc5c.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.25
                                                                                                                                              file.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.25
                                                                                                                                              M83j7zvU0c.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.25
                                                                                                                                              WiEG0RUUyT.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.25
                                                                                                                                              RSg2UWbVWV.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.52
                                                                                                                                              DABC9BE2F1FBAEBD6338E2DAFF3EFAAB8D17BA8C84241.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.9
                                                                                                                                              cFcfo1Vmh2YZDZCkR_HdktbRvEqJ62e2BAIPMfRY5o0.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.25
                                                                                                                                              6ovSXUVD9t.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.90
                                                                                                                                              uZ6mJyYl4P.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.90
                                                                                                                                              B0cqt6nIQ0.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.90
                                                                                                                                              ahL7yCLSLw.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.90
                                                                                                                                              7HJFokG7Zt.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.90
                                                                                                                                              DZvIdDTMpX.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.90
                                                                                                                                              ieYs6dtUta.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.90
                                                                                                                                              HlllNDBf7G.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.90
                                                                                                                                              ABUiX7W6OC.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.90
                                                                                                                                              lT8863Y7Fh.exeGet hashmaliciousBrowse
                                                                                                                                              • 185.143.223.90

                                                                                                                                              JA3 Fingerprints

                                                                                                                                              No context

                                                                                                                                              Dropped Files

                                                                                                                                              No context

                                                                                                                                              Created / dropped Files

                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\t1hz2L221F.exe.log

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Users\user\Desktop\t1hz2L221F.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2843
                                                                                                                                              Entropy (8bit):5.3371553026862095
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKAHKx1N:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxk
                                                                                                                                              MD5:E98C96B912A2252CD91954187BDADB83
                                                                                                                                              SHA1:5271B576C48E2232363D40C6B2A9B615888907EB
                                                                                                                                              SHA-256:12FCA7D4379818526A85AFE3E7022892728C7179E63EC35E329E995230E27D08
                                                                                                                                              SHA-512:B8FA3961B35F53E706804047C270D4A8AC8AC50F0F9B54715BCCAD910E69944BCD78824664A4AA308E6EA1198B65A22ECD4E6C103EF690B8A4FB8136C6C94C17
                                                                                                                                              Malicious:true
                                                                                                                                              Reputation:moderate, very likely benign file
                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

                                                                                                                                              Static File Info

                                                                                                                                              General

                                                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                              Entropy (8bit):5.321530606895407
                                                                                                                                              TrID:
                                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                              • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                              File name:t1hz2L221F.exe
                                                                                                                                              File size:206848
                                                                                                                                              MD5:1a5c0c52cd2e7bb1929b90b191325b64
                                                                                                                                              SHA1:52cdefeec4bccff4e0d0b43e7712aaa0aeaf6ca1
                                                                                                                                              SHA256:8f24e6ddba21d619abef75b15916c8817522cfbd8dfc05dfa0663f1caffee3bc
                                                                                                                                              SHA512:48f48366b205abf6668d6a5aacbf4ff19d5088232f7e11f5d1b66a3fa63d2cfab762b0d8d2be4c865e340467e20990f9249efa44415657db310925961ab71f73
                                                                                                                                              SSDEEP:3072:ZYO/ZMTFKM+XUFrjxnSklTt0EYWF45RXlQhPSS0:ZYMZMBKMEUBTJYLBlQh
                                                                                                                                              TLSH:9F14C20C1F9BF915D6AA4A746760635077B3BD0EA85FE71A0AD02CAD1E32F4CC9131A7
                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..............#... ...@....@.. ....................................@................................

                                                                                                                                              File Icon

                                                                                                                                              Icon Hash:00d6e8b292aa9200

                                                                                                                                              Static PE Info

                                                                                                                                              General

                                                                                                                                              Entrypoint:0x42230a
                                                                                                                                              Entrypoint Section:.text
                                                                                                                                              Digitally signed:false
                                                                                                                                              Imagebase:0x400000
                                                                                                                                              Subsystem:windows gui
                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                              Time Stamp:0xCC10F70D [Tue Jun 28 17:44:45 2078 UTC]
                                                                                                                                              TLS Callbacks:
                                                                                                                                              CLR (.Net) Version:
                                                                                                                                              OS Version Major:4
                                                                                                                                              OS Version Minor:0
                                                                                                                                              File Version Major:4
                                                                                                                                              File Version Minor:0
                                                                                                                                              Subsystem Version Major:4
                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                              Entrypoint Preview

                                                                                                                                              Instruction
                                                                                                                                              jmp dword ptr [00402000h]
                                                                                                                                              popad
                                                                                                                                              add byte ptr [ebp+00h], dh
                                                                                                                                              je 00007F6658C0C842h
                                                                                                                                              outsd
                                                                                                                                              add byte ptr [esi+00h], ah
                                                                                                                                              imul eax, dword ptr [eax], 006C006Ch
                                                                                                                                              push eax
                                                                                                                                              add byte ptr [edx+00h], dh
                                                                                                                                              outsd
                                                                                                                                              add byte ptr [esi+00h], ah
                                                                                                                                              imul eax, dword ptr [eax], 0065006Ch
                                                                                                                                              jnc 00007F6658C0C842h
                                                                                                                                              push esp
                                                                                                                                              add byte ptr [edi+00h], ch
                                                                                                                                              je 00007F6658C0C842h
                                                                                                                                              popad
                                                                                                                                              add byte ptr [eax+eax+20h], ch
                                                                                                                                              add byte ptr [edi+00h], ch
                                                                                                                                              add byte ptr [eax], ah
                                                                                                                                              add byte ptr [edx+00h], dl
                                                                                                                                              inc ecx
                                                                                                                                              add byte ptr [ebp+00h], cl
                                                                                                                                              push esi
                                                                                                                                              add byte ptr [eax+00h], dl
                                                                                                                                              inc ebp
                                                                                                                                              add byte ptr [esi+00h], ch
                                                                                                                                              je 00007F6658C0C842h
                                                                                                                                              imul eax, dword ptr [eax], 00790074h
                                                                                                                                              xor dword ptr [eax], eax
                                                                                                                                              xor al, byte ptr [eax]
                                                                                                                                              dec esi
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [ecx+00h], al
                                                                                                                                              jo 00007F6658C0C842h
                                                                                                                                              jo 00007F6658C0C842h
                                                                                                                                              inc esp
                                                                                                                                              add byte ptr [ecx+00h], ah
                                                                                                                                              je 00007F6658C0C842h
                                                                                                                                              popad
                                                                                                                                              add byte ptr [eax+eax+4Ch], bl
                                                                                                                                              add byte ptr [edi+00h], ch
                                                                                                                                              arpl word ptr [eax], ax
                                                                                                                                              popad
                                                                                                                                              add byte ptr [eax+eax+5Ch], ch
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [ebx+00h], bl
                                                                                                                                              pop esi
                                                                                                                                              add byte ptr [eax+eax+75h], bl
                                                                                                                                              add byte ptr [eax], dh
                                                                                                                                              add byte ptr [eax], dh
                                                                                                                                              add byte ptr [edx], dh
                                                                                                                                              add byte ptr [eax], dh
                                                                                                                                              add byte ptr [75005C00h], ch
                                                                                                                                              add byte ptr [eax], dh
                                                                                                                                              add byte ptr [eax], dh
                                                                                                                                              add byte ptr [edi], dh
                                                                                                                                              add byte ptr [esi+00h], al
                                                                                                                                              pop ebp
                                                                                                                                              add byte ptr [ebp+00h], dl
                                                                                                                                              dec esi
                                                                                                                                              add byte ptr [ebx+00h], cl
                                                                                                                                              dec esi
                                                                                                                                              add byte ptr [edi+00h], cl
                                                                                                                                              push edi
                                                                                                                                              add byte ptr [esi+00h], cl
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              dec esp
                                                                                                                                              add byte ptr [edi+00h], ch
                                                                                                                                              arpl word ptr [eax], ax
                                                                                                                                              popad
                                                                                                                                              add byte ptr [eax+eax+20h], ch
                                                                                                                                              add byte ptr [ebx+00h], dl
                                                                                                                                              je 00007F6658C0C842h
                                                                                                                                              popad
                                                                                                                                              add byte ptr [eax+eax+65h], dh
                                                                                                                                              add byte ptr [eax], al
                                                                                                                                              add byte ptr [eax+00h], dl
                                                                                                                                              jc 00007F6658C0C842h
                                                                                                                                              outsd
                                                                                                                                              add byte ptr [ebx+00h], ah
                                                                                                                                              add byte ptr [eax], al

                                                                                                                                              Data Directories

                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x222b80x4f.text
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x240000x10eb0.rsrc
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x360000xc.reloc
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x2229c0x1c.text
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                              Sections

                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                              .text0x20000x20e600x21000False0.4325358072916667data5.907350086335485IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                              .rsrc0x240000x10eb00x11000False0.038559857536764705data2.9736238331403233IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                              .reloc0x360000xc0x400False0.025390625data0.05390218305374581IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                              Resources

                                                                                                                                              NameRVASizeTypeLanguageCountry
                                                                                                                                              RT_ICON0x241600x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m
                                                                                                                                              RT_GROUP_ICON0x349880x14data
                                                                                                                                              RT_GROUP_ICON0x3499c0x14data
                                                                                                                                              RT_VERSION0x349b00x314data
                                                                                                                                              RT_MANIFEST0x34cc40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

                                                                                                                                              Imports

                                                                                                                                              DLLImport
                                                                                                                                              mscoree.dll_CorExeMain

                                                                                                                                              Network Behavior

                                                                                                                                              Snort IDS Alerts

                                                                                                                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                              192.168.2.4185.143.223.3149696144332850027 11/22/22-04:57:10.394818TCP2850027ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init4969614433192.168.2.4185.143.223.31
                                                                                                                                              192.168.2.4185.143.223.3149696144332850286 11/22/22-04:57:30.788857TCP2850286ETPRO TROJAN Redline Stealer TCP CnC Activity4969614433192.168.2.4185.143.223.31
                                                                                                                                              185.143.223.31192.168.2.414433496962850353 11/22/22-04:57:11.905752TCP2850353ETPRO MALWARE Redline Stealer TCP CnC - Id1Response1443349696185.143.223.31192.168.2.4

                                                                                                                                              Network Port Distribution

                                                                                                                                              TCP Packets

                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                              Nov 22, 2022 04:57:10.008730888 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:10.131551981 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:10.131743908 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:10.394818068 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:10.519418001 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:10.570400000 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:11.781265020 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:11.905751944 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:11.961247921 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:21.720896006 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:21.848747969 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:21.848864079 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:21.848926067 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:21.848982096 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:21.899504900 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:23.292238951 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:23.417515993 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:23.462132931 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:24.613953114 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:24.737225056 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:24.790400028 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:24.824254990 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:24.948463917 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:24.993552923 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:25.022694111 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:25.144790888 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:25.145972967 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:25.196711063 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:25.600972891 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:25.723741055 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:25.774883986 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:25.814121962 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:25.937407970 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:25.951908112 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.075156927 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.099292994 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.222131968 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.235605955 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.359551907 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.399993896 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.671566010 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.793860912 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.793932915 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.793977022 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.794020891 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.794109106 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.794207096 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.794253111 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.794253111 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.794950008 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.795063972 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.796824932 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.915909052 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.915993929 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.916044950 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.916084051 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.916121960 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.916174889 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.916263103 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.916378975 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.916378975 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.916435003 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.916497946 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.916549921 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.916549921 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.916625977 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.916697979 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.916752100 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.916887999 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.916924953 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.916946888 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.917006969 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.917063951 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:26.917152882 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.917195082 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.917237997 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:26.917572021 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.038750887 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.038852930 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.038944006 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.038949966 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.039015055 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.039072990 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.039118052 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.039118052 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.039133072 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.039180994 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.039194107 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.039227962 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.039252043 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.039288044 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.039313078 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.039361000 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.039407969 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.039503098 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.039545059 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.039644003 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.039685965 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.039877892 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.039917946 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.040093899 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.040136099 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.040352106 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.040391922 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.040431023 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.040649891 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.040690899 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.040730000 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.040769100 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.040954113 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.040993929 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.041150093 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.041189909 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.041380882 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.041421890 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.041645050 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.041661978 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.041701078 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.041809082 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.162694931 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.162744999 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.162808895 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.162837029 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.162867069 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163037062 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163067102 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163094997 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163121939 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163150072 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163177967 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163207054 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163350105 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163414001 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163439989 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163465977 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163675070 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163702011 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163727999 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163882971 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.163908958 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.164037943 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.164062977 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.164093971 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.164146900 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.164355993 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.164382935 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.164573908 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.164599895 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.164792061 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.164818048 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.165045023 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.165071964 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.165096045 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.165321112 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.165347099 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.165456057 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.165481091 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.165904045 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.208519936 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.210283995 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.210366964 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.286056995 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.286113024 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.286144018 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.286175013 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.286288977 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.286320925 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.286587954 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.286618948 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.286834955 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.286865950 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.286977053 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.287008047 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.287035942 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.287477016 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.287508965 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.287576914 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.287606955 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.287856102 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.287888050 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.332242012 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.332288027 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.332318068 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.332346916 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.332376003 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.332670927 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.332701921 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.332865953 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.332976103 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.333009005 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.333009005 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.333134890 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.333168030 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.333345890 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.333374977 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.333583117 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.333611012 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.333638906 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.333667040 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.333874941 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.333904028 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.335745096 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.339252949 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.339394093 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.455703974 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.455863953 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.455938101 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.455970049 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456074953 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456209898 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456240892 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456418991 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456446886 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456474066 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456502914 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456604004 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456634045 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456660986 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456690073 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456769943 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456799030 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.456899881 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.457475901 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.457640886 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.460920095 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.460952044 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.460978985 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.461178064 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.461208105 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.461236000 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.461329937 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.461374044 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.461569071 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.461599112 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.461849928 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.461884975 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.461987019 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.462014914 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.462172985 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.462204933 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.462379932 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.462408066 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.462459087 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.462584972 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.462738037 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.462903023 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.462937117 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.462965965 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.463439941 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.463577032 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.579490900 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.579544067 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.579576969 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.579605103 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.579633951 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.579663992 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.579691887 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.579720020 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.579818964 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.579849958 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.580051899 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.580080032 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.580203056 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.580343008 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.580609083 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.580636978 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.580773115 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.580801964 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.580926895 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.581023932 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.581161022 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.581248999 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.585078001 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.585107088 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.585251093 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.585462093 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.585494995 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.585515022 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.585534096 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.585683107 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.585783958 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.585813999 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.585860014 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.585880995 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.586636066 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.586663961 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.586689949 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.586716890 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.586744070 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.586771965 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.586801052 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.586827993 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.586854935 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.586954117 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.586982012 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.587129116 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.587157011 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.587575912 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.587714911 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.707778931 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.707829952 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.707860947 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.707890034 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.707921982 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.707951069 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.708333015 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.708452940 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.708482027 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.708770037 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.708800077 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.708897114 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.709059954 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.709089994 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.709178925 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.709259987 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.709322929 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.709352016 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.709436893 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.709562063 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.709840059 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.709943056 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.710040092 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.710068941 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.710280895 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.710488081 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:27.710974932 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.711005926 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.711035013 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.711157084 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.711185932 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.711261988 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.711294889 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.711723089 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.711751938 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.711961031 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.711991072 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.712065935 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.712093115 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.832592964 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.832643032 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.832674026 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.832926035 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.832958937 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.832987070 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.833091974 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.833122969 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.833342075 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.833406925 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.833436966 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.833563089 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.833641052 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.836359024 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:27.884496927 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:29.183022022 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:29.305341959 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:29.305928946 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:29.309307098 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:29.432979107 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:29.478346109 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:29.658684015 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:29.781388998 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:29.837698936 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:29.894265890 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:30.016912937 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:30.021023035 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:30.143810987 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:30.145821095 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:30.268217087 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:30.291996956 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:30.414668083 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:30.462709904 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:30.538511992 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:30.660408020 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:30.660814047 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:30.663969040 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:30.786412001 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:30.788856983 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:30.915606022 CET1443349696185.143.223.31192.168.2.4
                                                                                                                                              Nov 22, 2022 04:57:30.962816954 CET4969614433192.168.2.4185.143.223.31
                                                                                                                                              Nov 22, 2022 04:57:31.490112066 CET4969614433192.168.2.4185.143.223.31

                                                                                                                                              Statistics

                                                                                                                                              CPU Usage

                                                                                                                                              Click to jump to process

                                                                                                                                              Memory Usage

                                                                                                                                              Click to jump to process

                                                                                                                                              High Level Behavior Distribution

                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                              System Behavior

                                                                                                                                              General

                                                                                                                                              Target ID:0
                                                                                                                                              Start time:04:56:58
                                                                                                                                              Start date:22/11/2022
                                                                                                                                              Path:C:\Users\user\Desktop\t1hz2L221F.exe
                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                              Commandline:C:\Users\user\Desktop\t1hz2L221F.exe
                                                                                                                                              Imagebase:0x10000
                                                                                                                                              File size:206848 bytes
                                                                                                                                              MD5 hash:1A5C0C52CD2E7BB1929B90B191325B64
                                                                                                                                              Has elevated privileges:true
                                                                                                                                              Has administrator privileges:true
                                                                                                                                              Programmed in:.Net C# or VB.NET
                                                                                                                                              Yara matches:
                                                                                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.293715120.0000000000012000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                              • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.370781163.0000000002493000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.372750778.00000000027BD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                              Reputation:low

                                                                                                                                              Disassembly

                                                                                                                                              Reset < >

                                                                                                                                                Executed Functions

                                                                                                                                                Function 06EFC290 Relevance: 2.8, Strings: 2, Instructions: 350COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 8^ql$8^ql
                                                                                                                                                • API String ID: 0-330939610
                                                                                                                                                • Opcode ID: 327cd0dd895258c7e186665c98282f854f0785e7dfcf6a00a24e940e1ffee77f
                                                                                                                                                • Instruction ID: b150aa5bc110dbbbffd41747d28cf8fcc9b48cfba53482947afef740becbb73e
                                                                                                                                                • Opcode Fuzzy Hash: 327cd0dd895258c7e186665c98282f854f0785e7dfcf6a00a24e940e1ffee77f
                                                                                                                                                • Instruction Fuzzy Hash: C5F1C174A01228CFDB68DF64C850BDEB7B2AF89304F1091E9C509AB754DB31AE85CF51
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02350908 Relevance: 1.7, Strings: 1, Instructions: 499COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: ``]
                                                                                                                                                • API String ID: 0-3350287580
                                                                                                                                                • Opcode ID: 1b03b7068e7459be08ba0f8aa5a6099e19f3b91863468d09bdf0ff4055e95872
                                                                                                                                                • Instruction ID: bbcc8985df6bd524ad6babe8efbc478837d7cdd9e213daaf14eb844a75122cf5
                                                                                                                                                • Opcode Fuzzy Hash: 1b03b7068e7459be08ba0f8aa5a6099e19f3b91863468d09bdf0ff4055e95872
                                                                                                                                                • Instruction Fuzzy Hash: C122F374901228CFDB65DF64C958BD9BBB2FF4A305F4080EAD509AB261DB319E88DF40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E32C88 Relevance: 1.1, Instructions: 1063COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 970a68fc9e04520c34fe17d9779111c932e5e0e29e5fcec1e50782aafb288361
                                                                                                                                                • Instruction ID: ed46a501d5afa959e9d4393fc2126edbd229f52e7f8a9d25b0c5949094bb98cd
                                                                                                                                                • Opcode Fuzzy Hash: 970a68fc9e04520c34fe17d9779111c932e5e0e29e5fcec1e50782aafb288361
                                                                                                                                                • Instruction Fuzzy Hash: 2C92A034B002059FCB15DF64D488AAEB7F2FF88315F558868E91A9B3A1DB35EC45CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E30C08 Relevance: .8, Instructions: 750COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 283200858c55fccd7619c685d1c501567c25477b7fd61bcf938892e751b28659
                                                                                                                                                • Instruction ID: f80195f46ff5bc1e66fd53847dc2d6ea00f630cbecc4cafc7aa0cb0ca0fbd12c
                                                                                                                                                • Opcode Fuzzy Hash: 283200858c55fccd7619c685d1c501567c25477b7fd61bcf938892e751b28659
                                                                                                                                                • Instruction Fuzzy Hash: B762FC34B002148FCB25DF64D899BADBBB2EF88305F1484A9E50AA7395DF34AD85CF51
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3E48C Relevance: .5, Instructions: 534COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e31dc63e5adbd807038f91dc83662e90ff9972676f4e997306e6be28ccc1835b
                                                                                                                                                • Instruction ID: abc06cfe2efcc09f6520c47534ba5d54cb402f1a299417943f5675e75270d9bd
                                                                                                                                                • Opcode Fuzzy Hash: e31dc63e5adbd807038f91dc83662e90ff9972676f4e997306e6be28ccc1835b
                                                                                                                                                • Instruction Fuzzy Hash: C612E030B043019FDB19EB78D858A6E7BE6EFC5209F1488A9D50ADB391DB34ED41C792
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFB3C0 Relevance: .4, Instructions: 385COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: b439b467c3c37232f508bda81edc916925e954d471eb2713168bbf4a1291c9a9
                                                                                                                                                • Instruction ID: 5637b2553bf9a61a15bb53f5101e667439882da2c2c973bf8c2bb87632e65cbe
                                                                                                                                                • Opcode Fuzzy Hash: b439b467c3c37232f508bda81edc916925e954d471eb2713168bbf4a1291c9a9
                                                                                                                                                • Instruction Fuzzy Hash: AF127A74E012288FDB64DF68C994BDDBBB2BB89304F1081EAD509AB351DB319E85CF51
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E34B38 Relevance: .3, Instructions: 339COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: cf3912c9c18ff311f27730a307d5186bc7bfbd1708b9db26473369fdeaac29c0
                                                                                                                                                • Instruction ID: 7d84cf01e7afa73e360b4300eafb8d6df8d0ba5b2eadc47530ad031e6a7e6f8b
                                                                                                                                                • Opcode Fuzzy Hash: cf3912c9c18ff311f27730a307d5186bc7bfbd1708b9db26473369fdeaac29c0
                                                                                                                                                • Instruction Fuzzy Hash: B4D11534A002059FCB19DF69D5999ADBBF2FF88305B658468E806DB3A1DB34FD42CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFF5E8 Relevance: .3, Instructions: 271COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 94901f5ebddaa6e46519fe81387f407275274fc2b5b3d8e32841d8c24e2b760a
                                                                                                                                                • Instruction ID: 3b483d630e5db2ecb719405d3e570348fea81d2837f734f199dde5011b184ad7
                                                                                                                                                • Opcode Fuzzy Hash: 94901f5ebddaa6e46519fe81387f407275274fc2b5b3d8e32841d8c24e2b760a
                                                                                                                                                • Instruction Fuzzy Hash: 01C10370E14218CFDB68DFA5C890B9DBBB2BF89304F1091A9C509AB395DB349E85CF41
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFCC20 Relevance: .2, Instructions: 213COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a4848eacae0bfa1881be5aa14ade31010f1e4d829c322498fce4c748456020b1
                                                                                                                                                • Instruction ID: 27cae4294d6bea8a133de15e4c3368837b08845db0cbd465edd52f6b38a6e7ae
                                                                                                                                                • Opcode Fuzzy Hash: a4848eacae0bfa1881be5aa14ade31010f1e4d829c322498fce4c748456020b1
                                                                                                                                                • Instruction Fuzzy Hash: 28A1D074E01318CFDB68DFA9C984A9DBBB2BF89304F2090A9D509AB354DB309D85CF40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFF5DA Relevance: .1, Instructions: 129COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 1ccf88f9f2597e5b9e69d910f9a58dbd0c165975dc1aa08d66ca5ced02bd46c8
                                                                                                                                                • Instruction ID: 3ba6a9ca91d13e34da7ac55a0dd1a08e02d36528afdc84981c259fcae4925762
                                                                                                                                                • Opcode Fuzzy Hash: 1ccf88f9f2597e5b9e69d910f9a58dbd0c165975dc1aa08d66ca5ced02bd46c8
                                                                                                                                                • Instruction Fuzzy Hash: CC41E371D05208DBDB18DFA6C9446EEFBB2AF89304F24D16AC409BB2A4DB355A46CF50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 023599F8 Relevance: 2.0, Instructions: 1993COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 8f5de577f842460369cd1c1735768454c430462d87b4d1e1e137a01febae8174
                                                                                                                                                • Instruction ID: 8db25684da4646a695b76b9efbbd6cfea91b9c55e25677c5b08aa3222a9e7d61
                                                                                                                                                • Opcode Fuzzy Hash: 8f5de577f842460369cd1c1735768454c430462d87b4d1e1e137a01febae8174
                                                                                                                                                • Instruction Fuzzy Hash: EB131038A41604DFCB16AB75D460999B772FF4931AB1089ABDD113BB69CB7F8842DF00
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02359A48 Relevance: 2.0, Instructions: 1973COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 2d9fb6205a742127f4aad4b136cd292d175fa426a1dcd5e6e41a92ba3b9b99df
                                                                                                                                                • Instruction ID: b239b80200910475e3c365ec7f5ddd91077ce0860ce4687f734c00e4c1996050
                                                                                                                                                • Opcode Fuzzy Hash: 2d9fb6205a742127f4aad4b136cd292d175fa426a1dcd5e6e41a92ba3b9b99df
                                                                                                                                                • Instruction Fuzzy Hash: CB131F38A41604DFCB16AB75D460999B772FF8931AB10896BDD113BB69CB7F8842DF00
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235F4F8 Relevance: 1.6, Strings: 1, Instructions: 388COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: #l
                                                                                                                                                • API String ID: 0-3921616260
                                                                                                                                                • Opcode ID: 5503adb3a2433e13e581b1bab58c9f05a372b7d394d0a0d3bfa402a624b8215a
                                                                                                                                                • Instruction ID: 6300e08555e2d634a5c87729d7f48e1fe96c1901a5b26c4f308cb885acfc41a8
                                                                                                                                                • Opcode Fuzzy Hash: 5503adb3a2433e13e581b1bab58c9f05a372b7d394d0a0d3bfa402a624b8215a
                                                                                                                                                • Instruction Fuzzy Hash: 31F17F34B002159FCB14DF64D548AADBBB2FF89314F148469E90ADB7A1DB34EC45CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235F4EB Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: #l
                                                                                                                                                • API String ID: 0-3921616260
                                                                                                                                                • Opcode ID: 787bfa00b5017e5a6b6d22f52d771481d83abfff04020de85947d2ae2f027538
                                                                                                                                                • Instruction ID: be1330a9cbde564a16cd26e0ba6b87e7781af82a0dd912fdfbb2f452146b27a2
                                                                                                                                                • Opcode Fuzzy Hash: 787bfa00b5017e5a6b6d22f52d771481d83abfff04020de85947d2ae2f027538
                                                                                                                                                • Instruction Fuzzy Hash: 58913A74A00215DFCB14DF64D588AADBBB2FF89314B158568E80AEB761DB34EC46CF90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235E998 Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: #l
                                                                                                                                                • API String ID: 0-3921616260
                                                                                                                                                • Opcode ID: 65f5513d04ecc4fd89246baeed0661bd2cd10d0ba1656f07666aa39fba6e907f
                                                                                                                                                • Instruction ID: 14b0a3da35f71236ce71392df229e1fef68bb59841511a808db75800a4e1df14
                                                                                                                                                • Opcode Fuzzy Hash: 65f5513d04ecc4fd89246baeed0661bd2cd10d0ba1656f07666aa39fba6e907f
                                                                                                                                                • Instruction Fuzzy Hash: 43717F70E007198FDB14DFA8C454AAEBBF2EFC9304F248529E80AAB750DB749D46CB41
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235359F Relevance: 1.4, Strings: 1, Instructions: 183COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 8cFh
                                                                                                                                                • API String ID: 0-3137371074
                                                                                                                                                • Opcode ID: e4a99987042e76735bcac3317598b8c88ac1b7ac5802603f926b9a5bfec5fe3d
                                                                                                                                                • Instruction ID: 7ad4e5ce97710a97841d13f2b128f207125e90dd0efdd84fafcbf33af2b9fe76
                                                                                                                                                • Opcode Fuzzy Hash: e4a99987042e76735bcac3317598b8c88ac1b7ac5802603f926b9a5bfec5fe3d
                                                                                                                                                • Instruction Fuzzy Hash: B0712A70916208DFCB04EFB8E8548ADBBB2FF8A315B605A6DE415B7290DF359849CB11
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 023535C0 Relevance: 1.4, Strings: 1, Instructions: 169COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 8cFh
                                                                                                                                                • API String ID: 0-3137371074
                                                                                                                                                • Opcode ID: 1d5f2bb8a0bd88af8c8eb108d32bdf90577d25dc78fef2cabc0d678328ae7d86
                                                                                                                                                • Instruction ID: d7d4dd97c968843207d1b8795adc399907788863871729e37f5821236291ad8b
                                                                                                                                                • Opcode Fuzzy Hash: 1d5f2bb8a0bd88af8c8eb108d32bdf90577d25dc78fef2cabc0d678328ae7d86
                                                                                                                                                • Instruction Fuzzy Hash: 58610A70D02208DFCB04EFB8E8548ADBBB6FF8A315B60996DE415B7290DF359885CB51
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3BF09 Relevance: 1.3, Strings: 1, Instructions: 48COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 8cFh
                                                                                                                                                • API String ID: 0-3137371074
                                                                                                                                                • Opcode ID: 5d217311a787047bc830dd62d863e8cdccbea702d457148641895c635df353ae
                                                                                                                                                • Instruction ID: 4c2687b7e9e9e14ea5b33c229dd64d920e23525134a567bb452489f4075e9734
                                                                                                                                                • Opcode Fuzzy Hash: 5d217311a787047bc830dd62d863e8cdccbea702d457148641895c635df353ae
                                                                                                                                                • Instruction Fuzzy Hash: A4112774601B11AFC724DF29D480906F7F2FF893143108A2AD95A87B10D730F855CBD0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3970A Relevance: .7, Instructions: 714COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ed8566b734aacb623c937bc1d2fa4c3c5260cd98a093bf31b20e6223a2677bf9
                                                                                                                                                • Instruction ID: b9525f6fe4b64dc38fe7160b5c4d233730d8ef751077c59600db7473db6822b2
                                                                                                                                                • Opcode Fuzzy Hash: ed8566b734aacb623c937bc1d2fa4c3c5260cd98a093bf31b20e6223a2677bf9
                                                                                                                                                • Instruction Fuzzy Hash: 984292707052068FDF15ABB8C8685AEB7B3EFC8209B258469E502EB395DF74EC05CB51
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E30330 Relevance: .4, Instructions: 432COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 33bd29fe7fff11f770a91a1d3763bd2d4da7bc8bfa51e9803a822a62847b11da
                                                                                                                                                • Instruction ID: edfc5d77be58d81e5bc8d71cdf90a296fbf65b491871a44969f2841753efa438
                                                                                                                                                • Opcode Fuzzy Hash: 33bd29fe7fff11f770a91a1d3763bd2d4da7bc8bfa51e9803a822a62847b11da
                                                                                                                                                • Instruction Fuzzy Hash: 5EF1CB747042408FC715EF78C898A6A7BF6EF89315F1584A9E50ACB3A2DB34EC42CB51
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3F7D3 Relevance: .4, Instructions: 353COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 97a7e14eccf4e2525980e8d6c346f3eb9a6ef3b992c5a13b108ce056720c17fe
                                                                                                                                                • Instruction ID: 9b925af1cb5091c2edee95d481a95301e3b60b75cacd5152d0a30431f74613be
                                                                                                                                                • Opcode Fuzzy Hash: 97a7e14eccf4e2525980e8d6c346f3eb9a6ef3b992c5a13b108ce056720c17fe
                                                                                                                                                • Instruction Fuzzy Hash: 52E13A34E00209DFDB15DFA4D49CAADBBF2EF84309F559868D406AB3A1DB75AC46CB40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3A7F0 Relevance: .3, Instructions: 343COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 8d98327bffaad18a3b1fc246c97e07accd25bdc31e97842240e2d1286cd0fbaf
                                                                                                                                                • Instruction ID: 0755f3e7597cae4f37f0ddaf6f819051f7ef7fc4317afd66792b8ac8a25135f4
                                                                                                                                                • Opcode Fuzzy Hash: 8d98327bffaad18a3b1fc246c97e07accd25bdc31e97842240e2d1286cd0fbaf
                                                                                                                                                • Instruction Fuzzy Hash: F1C18A307012068FDB18AB7898A8A6E77E6EFC8309F544879D546DB781DF38EC46C781
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E39FC8 Relevance: .3, Instructions: 332COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 039078c2d025797d81fe7a88817cb1dedd55e6e8e5a4069d8d7f8adc5f8769f5
                                                                                                                                                • Instruction ID: 214bf6ac266b19db9452dd331f36269ddd607fbb43f98111fd5d17a342cb11ef
                                                                                                                                                • Opcode Fuzzy Hash: 039078c2d025797d81fe7a88817cb1dedd55e6e8e5a4069d8d7f8adc5f8769f5
                                                                                                                                                • Instruction Fuzzy Hash: AAC1AB347057018FDB29AB78945C72A77E6ABC9309F188879D486CB781DF38EC86C742
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E31231 Relevance: .3, Instructions: 296COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 328f3a2f7539eb07a5abb3b2406ea45112c9b4726390291b7e3b6dee4e22517a
                                                                                                                                                • Instruction ID: b1735d4cb15055d51b4d869e194434cafa541621a262725d41997d16cdf340f4
                                                                                                                                                • Opcode Fuzzy Hash: 328f3a2f7539eb07a5abb3b2406ea45112c9b4726390291b7e3b6dee4e22517a
                                                                                                                                                • Instruction Fuzzy Hash: DCD12834B002158FDB65DF64D848BADBBB2BF88305F1488A9E50AA7350DF359D86CF50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFEBF8 Relevance: .3, Instructions: 285COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 28e032f9991f9e1d6eec41bbddde654e7bf7b869ddd57d57cd01c6816ff1f554
                                                                                                                                                • Instruction ID: 684afb8e43454651c533b79a5f33c8e486f46dc1fa79f3d15493459d190ed11d
                                                                                                                                                • Opcode Fuzzy Hash: 28e032f9991f9e1d6eec41bbddde654e7bf7b869ddd57d57cd01c6816ff1f554
                                                                                                                                                • Instruction Fuzzy Hash: 79C1E374E00218CFDB54DFA4D884A9DBBB2BF89304F1095A9D519AB361DB34AD86CF84
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3C550 Relevance: .2, Instructions: 246COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d1e2f3a44e0558265a85a72f2e8b38be7b0647b95aebc6e2cfd763ab53892491
                                                                                                                                                • Instruction ID: 72c849fc9a4bb1475b1e03d3a9c60cc82c672b49330c798f5e78d298ef091dfb
                                                                                                                                                • Opcode Fuzzy Hash: d1e2f3a44e0558265a85a72f2e8b38be7b0647b95aebc6e2cfd763ab53892491
                                                                                                                                                • Instruction Fuzzy Hash: 6F8114357053068FDB28DB78D41866E7BE6EF89219F148879D90ADB340DB38ED02CB91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF9078 Relevance: .2, Instructions: 244COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 76a0107b68c65635d4b7c792f4b85d54557520b14d5cc1c334a44c372d210cf1
                                                                                                                                                • Instruction ID: 1b52b9ed37e4bcc9ee73c6953c8d7367b5d99428bdc3aac76a111ec141a5bfc7
                                                                                                                                                • Opcode Fuzzy Hash: 76a0107b68c65635d4b7c792f4b85d54557520b14d5cc1c334a44c372d210cf1
                                                                                                                                                • Instruction Fuzzy Hash: C7A16A70E10708DFCB14DFA8C89869EBBF1EF88314F148969D509AB350EB70A945CB91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3F5F0 Relevance: .2, Instructions: 236COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9c355a31144f661fcfcb6eaac90eb0b503c1378d07fc25207fe6d4422921a480
                                                                                                                                                • Instruction ID: 3375f458200476aaf8344cde0825d0d2ff50db0101f7c05503dde89e014436c8
                                                                                                                                                • Opcode Fuzzy Hash: 9c355a31144f661fcfcb6eaac90eb0b503c1378d07fc25207fe6d4422921a480
                                                                                                                                                • Instruction Fuzzy Hash: BEA16D74E0420A9FDB15DFA8D498AADBBF2EF88305F145469D40AEB3A1DB34AC45CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02357870 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0fc3cd63cd0d2fe14e35b3a423bb0ce55d3f1012e67d718ae3be69d35bcf7c44
                                                                                                                                                • Instruction ID: 7f9e4e84e8cca7c1fd285b2cd17fbd296f8452fbd89f0f5db1f6f1ca73996ab2
                                                                                                                                                • Opcode Fuzzy Hash: 0fc3cd63cd0d2fe14e35b3a423bb0ce55d3f1012e67d718ae3be69d35bcf7c44
                                                                                                                                                • Instruction Fuzzy Hash: DC810275B05215AFDB149B78C4089AEBBF2EFC5314F1484AAE84ADB381DB34DD06CB91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFC8B7 Relevance: .2, Instructions: 198COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: f363ed90fac947d4b749e5743cc2d563ff7d49e17ecc1b081f942ff5c3e8c9e3
                                                                                                                                                • Instruction ID: 6e8e7f9b968a318d6820b5187d981ad0eb63167dcb3e4d38c124cae77a911f07
                                                                                                                                                • Opcode Fuzzy Hash: f363ed90fac947d4b749e5743cc2d563ff7d49e17ecc1b081f942ff5c3e8c9e3
                                                                                                                                                • Instruction Fuzzy Hash: 32918174A01228CFDB64DF64C894BDEB7B1AF8A305F6095E9D409AB354DB31AE85CF40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E34B29 Relevance: .2, Instructions: 190COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 7056c5213b19714f571bd0b825e131f13be5b83f9123e75818d14b08c6180e9c
                                                                                                                                                • Instruction ID: b0e1d8e96ce538b6fe061c0666a954878bc0ad688ccbfb21ab7d16797616295b
                                                                                                                                                • Opcode Fuzzy Hash: 7056c5213b19714f571bd0b825e131f13be5b83f9123e75818d14b08c6180e9c
                                                                                                                                                • Instruction Fuzzy Hash: BB716834A012059FCB19DF68D499AADBBF2FF88305B658069E805EB391DB34ED42CB40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E37B30 Relevance: .2, Instructions: 161COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 6ac0363f09f1ce45c5c6a84fba78ead4f4865e23e48372fce4e48a3e2239ed36
                                                                                                                                                • Instruction ID: 6fefc007af458daecf3d6833a77e3a9d22a2f818f9cdee9d85a3fb98cb054008
                                                                                                                                                • Opcode Fuzzy Hash: 6ac0363f09f1ce45c5c6a84fba78ead4f4865e23e48372fce4e48a3e2239ed36
                                                                                                                                                • Instruction Fuzzy Hash: C1518174B012048FDB19DB68C458AAE7BF2EF8D319F1594A9D906EB390DB34EC41CB51
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02351980 Relevance: .2, Instructions: 154COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 96b61b590fda780f9e2bb6a9cbdaeae1b2bbea3f60a16f338ac7d791cb3b97a4
                                                                                                                                                • Instruction ID: a1866b41d75daec8f6859fcd0e4b49495147dc0022ac09268fd1212038da7a28
                                                                                                                                                • Opcode Fuzzy Hash: 96b61b590fda780f9e2bb6a9cbdaeae1b2bbea3f60a16f338ac7d791cb3b97a4
                                                                                                                                                • Instruction Fuzzy Hash: B5412A7030C2585FCB166B789819BBF6BA69FC6348F158069E909DF751CF388D0687A1
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235E780 Relevance: .2, Instructions: 153COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 506996eef2cab769aba6ce2f5a805af139963d6be45748dba9f0de3e70f6d154
                                                                                                                                                • Instruction ID: bf3b0c04b0edd368bab773811c582e83216ebf52fb3047dacefcdc0fc2526673
                                                                                                                                                • Opcode Fuzzy Hash: 506996eef2cab769aba6ce2f5a805af139963d6be45748dba9f0de3e70f6d154
                                                                                                                                                • Instruction Fuzzy Hash: 3751E934E102199FCB14DFA4E895EEDBBB6FF88304F148419E916A7360CB399945CF50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235BCF8 Relevance: .2, Instructions: 152COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3d8d8adb8d12cea4430fc1006150f08f2e5c2e955c52cb84679f403e54476e7b
                                                                                                                                                • Instruction ID: a7cff0cc5c4f9d68f95877aa8ef8a82d373b921ceb6f9d6da29ab3cd29effebe
                                                                                                                                                • Opcode Fuzzy Hash: 3d8d8adb8d12cea4430fc1006150f08f2e5c2e955c52cb84679f403e54476e7b
                                                                                                                                                • Instruction Fuzzy Hash: 5551D374B101096FDB04EB64D8917BE77A7EFC9604F548129D606AF3D4EF30AE028B96
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E37A90 Relevance: .2, Instructions: 150COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 59ae1720c9aad25efc477cc602042c5eb592216f6afe6f669587fb9ef861ef91
                                                                                                                                                • Instruction ID: 99793631a002c5eacc751c5d6fb9e49dd6c38ad8045374a52a997e9e213ee094
                                                                                                                                                • Opcode Fuzzy Hash: 59ae1720c9aad25efc477cc602042c5eb592216f6afe6f669587fb9ef861ef91
                                                                                                                                                • Instruction Fuzzy Hash: 8251BE70B052448FDB16CF68C498AAD7BF2EF49315F1590E9D805EB361DB34AC81CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02352FA1 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: fabd2653ac1fa533c66d5d4ce35a50e4ec3fc484f5f98ef00b664cd4838c6f39
                                                                                                                                                • Instruction ID: 8f356dcbe1f8f1213cd571865120eb7a03e135b6041f0b3841c61cde1d3b1802
                                                                                                                                                • Opcode Fuzzy Hash: fabd2653ac1fa533c66d5d4ce35a50e4ec3fc484f5f98ef00b664cd4838c6f39
                                                                                                                                                • Instruction Fuzzy Hash: 2751B174E02218DFDB18DFB5E98859DBBB2FF88305B20892AD805BB354DB356946CF40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235BD08 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 093b7be56fb5dbfd436e61eb5f2d5c225eb754c05e7521f6c203fe56228d7e76
                                                                                                                                                • Instruction ID: 8c1e4e8d14b9b93a53f008cd6087214607d6849f24c9b5b2cf90acf9e1a33e9b
                                                                                                                                                • Opcode Fuzzy Hash: 093b7be56fb5dbfd436e61eb5f2d5c225eb754c05e7521f6c203fe56228d7e76
                                                                                                                                                • Instruction Fuzzy Hash: B151C370B001086BDB14EB64D8957BEB7A7EFC9604F548128D606AF394EF70AD028BD6
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E351E0 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0ee9ea02a3624a7e4a88e5dcd81703d1bcb2fd46f6a95fb851998c8d2fcab4b9
                                                                                                                                                • Instruction ID: ef319de099299be468d7571a98a77798ac00a4ff8d6710e59ce177967f457565
                                                                                                                                                • Opcode Fuzzy Hash: 0ee9ea02a3624a7e4a88e5dcd81703d1bcb2fd46f6a95fb851998c8d2fcab4b9
                                                                                                                                                • Instruction Fuzzy Hash: 8B517D35A00104EFDB04DFA5CC88EEABBBAFFC9314B158065EA059B265DB35E811CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3FDC8 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 045f4341a28376b6871e75d3c3183ae2f76985a36f7b014f6464af1413f72b07
                                                                                                                                                • Instruction ID: a36844d20953a416ad88e95a9cabc4a5e553bfbdce7bb16e00ba1c530e49675c
                                                                                                                                                • Opcode Fuzzy Hash: 045f4341a28376b6871e75d3c3183ae2f76985a36f7b014f6464af1413f72b07
                                                                                                                                                • Instruction Fuzzy Hash: FD41F130B063019FDB25AB78E458B6E3BE6AFC5219F24886DD906DB781DF34AC46C741
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFDEA1 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0d0167fa2096dcf785e92648a02488468dfe5825417309992ded49befbc7e035
                                                                                                                                                • Instruction ID: d20b281740aca886830f6feb73e02ee62374ef8ed5004f942a41dac44c0ee10e
                                                                                                                                                • Opcode Fuzzy Hash: 0d0167fa2096dcf785e92648a02488468dfe5825417309992ded49befbc7e035
                                                                                                                                                • Instruction Fuzzy Hash: CF51D174E012189FCB18EFA4D9949EDBBB2FF89304F60912AD515BB354DB31A945CF40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFDEB0 Relevance: .1, Instructions: 141COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 60b5e45892fbe49f0c6b5990b6eb8f9393d03601136a2ff213ef0e80bae8aaa7
                                                                                                                                                • Instruction ID: 9e6ab9e6c6f8f53de29cb8681fd2a5a0be7165b970f500ead8d59910ad57974c
                                                                                                                                                • Opcode Fuzzy Hash: 60b5e45892fbe49f0c6b5990b6eb8f9393d03601136a2ff213ef0e80bae8aaa7
                                                                                                                                                • Instruction Fuzzy Hash: 6451C274E012189FCB18EFA4D8949EDBBB2FF89304F60912AD515BB354DB31A945CF40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235F8B9 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3abe810068ec998cbf75aea836d7254f7076d6bbc901810208442cd622986438
                                                                                                                                                • Instruction ID: 1c8b8f75bfa03907f82424f83451bbcf367f072af5595b4ed546cba00b2b4e1e
                                                                                                                                                • Opcode Fuzzy Hash: 3abe810068ec998cbf75aea836d7254f7076d6bbc901810208442cd622986438
                                                                                                                                                • Instruction Fuzzy Hash: 9151D634A00219DFCB14DF94D998EADBBB2FF48314F658454E809AB661CB35EC46CF50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02352FB0 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 8029ff4dd049409895bdd75ae0004e05e91e27f9930834dd4706bddd08742bb0
                                                                                                                                                • Instruction ID: ffd3dadf281db2929e7f4e724d176ed00a796f0cffc8a6e0c69c5907344a10ff
                                                                                                                                                • Opcode Fuzzy Hash: 8029ff4dd049409895bdd75ae0004e05e91e27f9930834dd4706bddd08742bb0
                                                                                                                                                • Instruction Fuzzy Hash: 7A51B074E02218DFDB18DFB5D94859DBBB2FF88305F10892AE909AB354DB35A846CF40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFCC12 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3f155304ec27421f0e3aae09cc70eba0126ef6885bcaa94e8288af29c11f4df0
                                                                                                                                                • Instruction ID: ae68ac7d16d5e2e2ada488ba5ec2dcb21c25df05d0b8e7eace06f44b5dc3ed77
                                                                                                                                                • Opcode Fuzzy Hash: 3f155304ec27421f0e3aae09cc70eba0126ef6885bcaa94e8288af29c11f4df0
                                                                                                                                                • Instruction Fuzzy Hash: 2451D175E04308CBDB54DFA5D984AEEBBB2EF89300F20946AD409BB354DB31A945CF40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3F189 Relevance: .1, Instructions: 134COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c1f3c384861e8b15098d01a9c45bf5d262d1f5ff0bfa8939f0d43825e3e3e6de
                                                                                                                                                • Instruction ID: 12f5ccdfadb093cf0f3b87cbcc5430f681ae76ab8c0b7aabdbe434febd24068f
                                                                                                                                                • Opcode Fuzzy Hash: c1f3c384861e8b15098d01a9c45bf5d262d1f5ff0bfa8939f0d43825e3e3e6de
                                                                                                                                                • Instruction Fuzzy Hash: BB41FB393042019FD724DB78E458A6A77E7EF88319F148439E90987344DB38DC42CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E33BA8 Relevance: .1, Instructions: 134COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 388b44f323d15aabc3b8a393ee5f216f82da3f930220b2e2fe24f467a96de705
                                                                                                                                                • Instruction ID: c101a218c00f2891d49c644eb75b88ac6caf4c525743592b5febc421e05c208c
                                                                                                                                                • Opcode Fuzzy Hash: 388b44f323d15aabc3b8a393ee5f216f82da3f930220b2e2fe24f467a96de705
                                                                                                                                                • Instruction Fuzzy Hash: D6519231A006058FCB15DF68C484EAEB7B1FF89705B1584A9E949DB362D734FD52CBA0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235EC78 Relevance: .1, Instructions: 132COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 53fcda0d4f1fba1faf667523a82245701e1d5f66f3b1718d674ed7b309020ccb
                                                                                                                                                • Instruction ID: d8457a552ef7128fb9883e8954c7eb33892197d61c97cd25bdb78a1649fa1486
                                                                                                                                                • Opcode Fuzzy Hash: 53fcda0d4f1fba1faf667523a82245701e1d5f66f3b1718d674ed7b309020ccb
                                                                                                                                                • Instruction Fuzzy Hash: F441F070B042048FD719DBA8D858BBEBBF6EB89314F14806AD90ACB390DB349D42C791
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3D310 Relevance: .1, Instructions: 128COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c8cfa48183e685b3fc5a88ffba40dc4ca9639baf89ad21e5a905fda272a4dcc2
                                                                                                                                                • Instruction ID: 379cab65247a0529653b954e47eee43dd3b926c59f0f7847c248f0ee14cd325e
                                                                                                                                                • Opcode Fuzzy Hash: c8cfa48183e685b3fc5a88ffba40dc4ca9639baf89ad21e5a905fda272a4dcc2
                                                                                                                                                • Instruction Fuzzy Hash: 01413834B005058FD715DF24ED9C97EBBF2EF98606B149028E806C73A1DB38AD06DB61
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E366E0 Relevance: .1, Instructions: 124COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 64621712b138bcb2afd0a6c98f878a6795071872cd1b7abee4b6e367164a8993
                                                                                                                                                • Instruction ID: 7a0d1363f2933826f00157c52232d8ba21180c08694bcbb0ceab91c03b5a828e
                                                                                                                                                • Opcode Fuzzy Hash: 64621712b138bcb2afd0a6c98f878a6795071872cd1b7abee4b6e367164a8993
                                                                                                                                                • Instruction Fuzzy Hash: 6341C234B04206AFDB14EF75D458AAE7BE2EFC5208F44C869D5059B352EB30ED06CB91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3FBD8 Relevance: .1, Instructions: 123COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 24dab2af43d8fcfc85902a7b6b1a65d2b1009be5c61395b86aa1b97dc91fb3f9
                                                                                                                                                • Instruction ID: 9963652cff3b754b4baa443ca30a08ddc651237f22a9d3d29b54d6b35f9f75e3
                                                                                                                                                • Opcode Fuzzy Hash: 24dab2af43d8fcfc85902a7b6b1a65d2b1009be5c61395b86aa1b97dc91fb3f9
                                                                                                                                                • Instruction Fuzzy Hash: 7B511634E00209DFDB05DFA4D89CAADBBB2FF88305F149459D806EB2A5DB34AC49DB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFC281 Relevance: .1, Instructions: 114COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0c00b9ddce6593086449fc479a25c0c5e9d9bdb61693b2a5b5774da4bbb633eb
                                                                                                                                                • Instruction ID: 2cfff443949a3fdb544a8c7341dce4b233d710113f8705a0c373e4c57a275601
                                                                                                                                                • Opcode Fuzzy Hash: 0c00b9ddce6593086449fc479a25c0c5e9d9bdb61693b2a5b5774da4bbb633eb
                                                                                                                                                • Instruction Fuzzy Hash: 39416634A043589BDB64DB65DC10B9ABBB7EB88304F2080A9C94A77354CF756A89CF16
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFA98F Relevance: .1, Instructions: 113COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c3d5f9db13ba1a0a5773a1fbe59362abb2eeda07d8ba74cf2d5dbe419f0fea82
                                                                                                                                                • Instruction ID: 13b806f9ac627a0a4b33f4d87e029b8540edec6456ed7beba6a9e08765452d64
                                                                                                                                                • Opcode Fuzzy Hash: c3d5f9db13ba1a0a5773a1fbe59362abb2eeda07d8ba74cf2d5dbe419f0fea82
                                                                                                                                                • Instruction Fuzzy Hash: 23414C31D10709DBCB14EF69C8946DEBBF1EF88314F14D669E9097B254EB70A984CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3C840 Relevance: .1, Instructions: 113COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5bb7ee70819d3372722219f43dc41c01fb4e82c2a301765a216d5cc6b33ab600
                                                                                                                                                • Instruction ID: ec0eda6d246753cfe6b1a1a42f22cc7a5744fa0571e64062aff14672973ad952
                                                                                                                                                • Opcode Fuzzy Hash: 5bb7ee70819d3372722219f43dc41c01fb4e82c2a301765a216d5cc6b33ab600
                                                                                                                                                • Instruction Fuzzy Hash: 4A31D2327056018FD3199B38DD58A2A7BE6EFC93097198879DA4AD7355DF38EC06C740
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E35197 Relevance: .1, Instructions: 112COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 52b5d182f364a9abf0ff557fc64db1c43ee53f6dd79ccd7cfaedcdd99428883e
                                                                                                                                                • Instruction ID: d0d0eda4cb560394ba7ac346c18937efc50352774b525b72200c2bb6ded34fdb
                                                                                                                                                • Opcode Fuzzy Hash: 52b5d182f364a9abf0ff557fc64db1c43ee53f6dd79ccd7cfaedcdd99428883e
                                                                                                                                                • Instruction Fuzzy Hash: BC419F75A00209EFDB05DFB4C888AAEBBB6FF89305F158469E9159B360DB35E841CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235BAB8 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9c0598669bce90ce9fbed4d5eb0aae0b8078cafecdbda5e894ac8dc34ffc9768
                                                                                                                                                • Instruction ID: 8091004b131def5e0817c1cda2997f556a2ec5588ee49c37a78c1d6ccd888f8c
                                                                                                                                                • Opcode Fuzzy Hash: 9c0598669bce90ce9fbed4d5eb0aae0b8078cafecdbda5e894ac8dc34ffc9768
                                                                                                                                                • Instruction Fuzzy Hash: 9E411971B002189FEB14EBB8D8157AEBBF2EF85308F008465D505EB399DB789D05CB91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E390B8 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 2b61056e85404251f8a04a62a9e6c10d7dd199dce71ca6387be6b16eecce5c27
                                                                                                                                                • Instruction ID: 895087dc367b13d38b1531c03bce39b3448f5d794d61bf419ccba292fbbec0f4
                                                                                                                                                • Opcode Fuzzy Hash: 2b61056e85404251f8a04a62a9e6c10d7dd199dce71ca6387be6b16eecce5c27
                                                                                                                                                • Instruction Fuzzy Hash: F83100307052059FC714ABB8E45CBAE7BE6EF88304F144869E50ADB381DF79AD42CB91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E39248 Relevance: .1, Instructions: 110COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 908c661a133bfa2c13c6fc7ed1ad468cc2dd596a09126d49d50d84580fad2957
                                                                                                                                                • Instruction ID: c0b67e3c52195d6054478bd8c74bf70c1437a147ec5ef100bf164c0cb32bca3c
                                                                                                                                                • Opcode Fuzzy Hash: 908c661a133bfa2c13c6fc7ed1ad468cc2dd596a09126d49d50d84580fad2957
                                                                                                                                                • Instruction Fuzzy Hash: 0241C270B053069FDB19ABB8941C66E7BE2EF86309F144869D406DBBC1DB389C41C782
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E38157 Relevance: .1, Instructions: 106COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: bf42f435698c2aa6b57afba72040550ce081e304f1ce7fc6610455670a4c20ea
                                                                                                                                                • Instruction ID: c3552ae0ec65865d40e84bbe1cd36a7f2836e798ccd8f33a819215aa45f0b7cd
                                                                                                                                                • Opcode Fuzzy Hash: bf42f435698c2aa6b57afba72040550ce081e304f1ce7fc6610455670a4c20ea
                                                                                                                                                • Instruction Fuzzy Hash: B941F874A01504CFDB05EBA8D958EADBBF2FF88305F1584A9E506AB371DB34AD45CB40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFB3B0 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 7ce8b0d7aefb0985d191aa134d7db8434c343dc4ee4bf563d4b7181d4ce8fb7d
                                                                                                                                                • Instruction ID: e52e2fa6d52f1f7bc17db88a4f737ff893633ac2743480e4ef29d90d93b05734
                                                                                                                                                • Opcode Fuzzy Hash: 7ce8b0d7aefb0985d191aa134d7db8434c343dc4ee4bf563d4b7181d4ce8fb7d
                                                                                                                                                • Instruction Fuzzy Hash: 9F41EC74E003288FDB64DF69C954B9ABBB2AF8A304F4090EAC40CA7351DB315E85CF12
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02358D88 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: bba7cf31592eb93bca7321d4396b61eab4293d7fb5fcdf722b5e26233d4e609f
                                                                                                                                                • Instruction ID: 56197a03e89c01a288d6e5ca512447f05d64aa437c9d0f4f70f736b7870467b1
                                                                                                                                                • Opcode Fuzzy Hash: bba7cf31592eb93bca7321d4396b61eab4293d7fb5fcdf722b5e26233d4e609f
                                                                                                                                                • Instruction Fuzzy Hash: C6316D347022148FD718DF68D498AAE7BF6EF88705F2444A8E906EB3A0CF359C81CB51
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFC0B2 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: bb011beb32e915da5f4130593762e3609e4437e60fded317361af396824a33b1
                                                                                                                                                • Instruction ID: e113c51e624a1d18f7381c2287cd5aa4859a04f70129c1aa1653b6dc78d2c8d7
                                                                                                                                                • Opcode Fuzzy Hash: bb011beb32e915da5f4130593762e3609e4437e60fded317361af396824a33b1
                                                                                                                                                • Instruction Fuzzy Hash: 0E310671D11218AFCB08DFA9D8587EEBBB1FF89305F60842AE511B7290DB755A44CF90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E32C7B Relevance: .1, Instructions: 96COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ab19b0bc163dc7862937a511f0fccc28dcd2974678b246a3f795f91f0ea2b733
                                                                                                                                                • Instruction ID: 0414d1aa8bbf3bb3fe29fab294c868803b2327806bf7e5587b2a47973e7a1025
                                                                                                                                                • Opcode Fuzzy Hash: ab19b0bc163dc7862937a511f0fccc28dcd2974678b246a3f795f91f0ea2b733
                                                                                                                                                • Instruction Fuzzy Hash: D631D075A00201DFCB15DF65C588AADBBB2FF88315F1188A8EA569B361DB30FC51CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFD060 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3e25e465a41648e80f409dda46dcf50591092bccd111addf4675b34bc61d9909
                                                                                                                                                • Instruction ID: f1296db1ef99d5a3c84786b363259de85da30672510cbff6dc062925c9434748
                                                                                                                                                • Opcode Fuzzy Hash: 3e25e465a41648e80f409dda46dcf50591092bccd111addf4675b34bc61d9909
                                                                                                                                                • Instruction Fuzzy Hash: 1641CE74E012189FCB18DFA8E9986EDBBB2FF89301F10902AE506B7350EB355946CF50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E351D8 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e472eb5621503bf98fe42f172199b5ebaa8afd88b33f50468a7e7a1c6515d9ef
                                                                                                                                                • Instruction ID: 98a4a85e734288a6c45c495615aebe2c624e69cbfec7c493048ec08b8e26c407
                                                                                                                                                • Opcode Fuzzy Hash: e472eb5621503bf98fe42f172199b5ebaa8afd88b33f50468a7e7a1c6515d9ef
                                                                                                                                                • Instruction Fuzzy Hash: 73318D75A00209EFDB04DFA4D888AEEBBB6FF89304F158065EA159B360DB31E901CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235E987 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 41ca6d1becfbec0c108ac1ef1d70e68ec0ddc31a1750464f2403f3bcfd3e3a58
                                                                                                                                                • Instruction ID: eda2e159f1fdbb80d38023aeabe9469b2ed673283ff103d9546476868ba759de
                                                                                                                                                • Opcode Fuzzy Hash: 41ca6d1becfbec0c108ac1ef1d70e68ec0ddc31a1750464f2403f3bcfd3e3a58
                                                                                                                                                • Instruction Fuzzy Hash: 7531E476E00228DBDF14DB94D849FEDBB72EF88705F104016E819FB261CB395A05CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235C217 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0a28d441dc4577335fee574059516a888b855d53c67e4f77f90b68bb0197ccc8
                                                                                                                                                • Instruction ID: e451eb4e06428366132f6ccde4c7d734fd9c081b724b9569ced8467a0eab083f
                                                                                                                                                • Opcode Fuzzy Hash: 0a28d441dc4577335fee574059516a888b855d53c67e4f77f90b68bb0197ccc8
                                                                                                                                                • Instruction Fuzzy Hash: 64318B31D20B468BCB11AFB8C8402D9B7B0FF99324F258716E1597B640EB30B5D5CB84
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFD070 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: b47c1272e5154964e46972fb4d6778569ac8114be586aaa23f74712f34c5a823
                                                                                                                                                • Instruction ID: 1b94104f13b07b1a74ab68f8b747e4f1457f1043d5fc29b7a48d26d7a89eec3c
                                                                                                                                                • Opcode Fuzzy Hash: b47c1272e5154964e46972fb4d6778569ac8114be586aaa23f74712f34c5a823
                                                                                                                                                • Instruction Fuzzy Hash: 3841B174E01218AFCB14DFA8E8986EDBBB2FF89301F10502AE506B7350DB356945CF54
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFE930 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 99a8ea18a51e0b7a1b3c6cd2e4e75b891b72c24da36b805b32bf6a05a0749eb0
                                                                                                                                                • Instruction ID: 82fa51ba13c7bfbb31d79df7666e0dcbc841ec4a76a917323373ac85b68de006
                                                                                                                                                • Opcode Fuzzy Hash: 99a8ea18a51e0b7a1b3c6cd2e4e75b891b72c24da36b805b32bf6a05a0749eb0
                                                                                                                                                • Instruction Fuzzy Hash: 2141CE75D12228EFCB14DFA4D5486EEBBF1BB49305F10946AE511B33A0DB386A45CFA0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFC0C0 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 042bc28e60c43462e7cc350eb7698f4cf76ea01a6d3d7cd12d76dbb9e59e4faf
                                                                                                                                                • Instruction ID: 737a9204e3379b5501ef87f142dc3f192cef50f5a2d3c23b5acb154041543b3e
                                                                                                                                                • Opcode Fuzzy Hash: 042bc28e60c43462e7cc350eb7698f4cf76ea01a6d3d7cd12d76dbb9e59e4faf
                                                                                                                                                • Instruction Fuzzy Hash: EE311870D11218AFCB08DFA5D5586EEBBB1FF89305F20846AE511B72A0DB755A48CF90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFE91F Relevance: .1, Instructions: 91COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5fd62ee548cc483da45723010966bf8b49b77f7d0a35dbbb150d6b5ab99e7554
                                                                                                                                                • Instruction ID: f2c0a697c80cfe5f65018fce9ede70bf0c45da1ead8658edf603c45be1eeec86
                                                                                                                                                • Opcode Fuzzy Hash: 5fd62ee548cc483da45723010966bf8b49b77f7d0a35dbbb150d6b5ab99e7554
                                                                                                                                                • Instruction Fuzzy Hash: 0831F075D02228DFCB15CFA4D9586EEBBF1BF49305F14946AE401B32A0DB385A49CFA0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02356078 Relevance: .1, Instructions: 89COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: f5bbd64179f2862e08840ff63c11a2f5fa9708ee6a5b6a499e67e37284f12ca0
                                                                                                                                                • Instruction ID: 9202c2c4a6dfbe5d8a701af8f898c70eff2728cc3679e86598529bc2290b6f1c
                                                                                                                                                • Opcode Fuzzy Hash: f5bbd64179f2862e08840ff63c11a2f5fa9708ee6a5b6a499e67e37284f12ca0
                                                                                                                                                • Instruction Fuzzy Hash: 8E414835A02209EFCF01EFA0E94889CBFB2FF48308B058859EA15BB2A5D7756D55DF10
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235C228 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 6350ec7e88bc1b63562ed30c171fed6c073e764849e4ba131b5aa5077bc9fd39
                                                                                                                                                • Instruction ID: d4dd1a75c304f60651f40d61f5d9c4011239d8239673dfc55be47b6d1633ff64
                                                                                                                                                • Opcode Fuzzy Hash: 6350ec7e88bc1b63562ed30c171fed6c073e764849e4ba131b5aa5077bc9fd39
                                                                                                                                                • Instruction Fuzzy Hash: 4C317831D10B0A9ACB10AFB9C8006D9B3B1FFD9324F25872AE5597B640EB30B5D4CB84
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02356090 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 88c7a3c33677cfb8a7f115080d40abf613e7e549a9afe77ac8b31c0142bd946e
                                                                                                                                                • Instruction ID: 5c9734a5b8332ccd1a1f1dbb42c070300473457af51f722fabd54838e3fda59f
                                                                                                                                                • Opcode Fuzzy Hash: 88c7a3c33677cfb8a7f115080d40abf613e7e549a9afe77ac8b31c0142bd946e
                                                                                                                                                • Instruction Fuzzy Hash: 6B313834A02109EFCF05EFA0EA4899CBFB2FB48308F118814EA11BB2A5DB756D54DF50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235EC6B Relevance: .1, Instructions: 83COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a40d3c4babe38e8a260b6effc632d12e06ff3c5e4d884fcf7d63223a7e8a121f
                                                                                                                                                • Instruction ID: e6b5e1282f9db73fd6076fab32b308557c8371766f4baf5f902790e6153f9d5a
                                                                                                                                                • Opcode Fuzzy Hash: a40d3c4babe38e8a260b6effc632d12e06ff3c5e4d884fcf7d63223a7e8a121f
                                                                                                                                                • Instruction Fuzzy Hash: 05212371B082044FD714DB68C898B6EBBF6EFC9314F15446AD50ADB392DB348D46C751
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3D5B0 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c5a05e441373b52c01049183d4dfed97d53c5b70ad801417fba9612a9966a291
                                                                                                                                                • Instruction ID: b21497eaef69fe77231911f6dfafb6ce2a55e20ba483551b88906adce40a33dc
                                                                                                                                                • Opcode Fuzzy Hash: c5a05e441373b52c01049183d4dfed97d53c5b70ad801417fba9612a9966a291
                                                                                                                                                • Instruction Fuzzy Hash: D6316B34700106CBCB15EB25DD5CAAA7BFAEF89705F1414A8E00AEB3A1DB75AC01CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFBD32 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: f530dc92ada8a3285452fb020352614004de2f7335acde4605c90c8f4d287b58
                                                                                                                                                • Instruction ID: f102771c979261ee728a735796795efce908f84758912fb11285c8d27cd1e1ec
                                                                                                                                                • Opcode Fuzzy Hash: f530dc92ada8a3285452fb020352614004de2f7335acde4605c90c8f4d287b58
                                                                                                                                                • Instruction Fuzzy Hash: 61310E75C02218DFCB14DFA4D9587EEBBB1BF4930AF50546AE501B2290D7795A88CFA0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02359518 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: f7a8178f9934723a1c7d01eb63371504325814ab230665bfd20a7d44690a0735
                                                                                                                                                • Instruction ID: 5c72239100ce1eab46354cf614546d10d1e313f76ff3729b56a9e0b8cffa8ff4
                                                                                                                                                • Opcode Fuzzy Hash: f7a8178f9934723a1c7d01eb63371504325814ab230665bfd20a7d44690a0735
                                                                                                                                                • Instruction Fuzzy Hash: D3318131E01706CBDB15AF78D4141ADB7B1FF85304B108A2ADA5AF7241EB34AA56CBD0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3D301 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9aa5702806d3339dd5b642ea9ba0d17411d5087b6531ec909fded32d84064fed
                                                                                                                                                • Instruction ID: 79f04e94dd6c4554b58b1169199fc9ed49679fc8c82f85dd6df0b48e7ef5bb8a
                                                                                                                                                • Opcode Fuzzy Hash: 9aa5702806d3339dd5b642ea9ba0d17411d5087b6531ec909fded32d84064fed
                                                                                                                                                • Instruction Fuzzy Hash: B7218C35B005018FD715DF25EC9C97EBBB2FF84606B149029E516C7291EB38AD05CBA0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3D5C0 Relevance: .1, Instructions: 78COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9cfbfbffc1134c6271396ce0c836ab454eef254dd8935c212569f5b4661d186c
                                                                                                                                                • Instruction ID: cc043cdab0d8909366b070013be864e75931f71b512c97a274494dd86892d94f
                                                                                                                                                • Opcode Fuzzy Hash: 9cfbfbffc1134c6271396ce0c836ab454eef254dd8935c212569f5b4661d186c
                                                                                                                                                • Instruction Fuzzy Hash: 49212A34700105CFCB19EB65D958AAA77FAEF89706F141468E50AE73A1DF75AC00CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02359528 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: fd3cb7e7d451c35eb4d143fd3e36e38a7b11e2537a09d6f401775d46b77d0abe
                                                                                                                                                • Instruction ID: 98669aab155da56e8f9bdc09d42f694c86b93aba8e872f61e51a11c2b5a91906
                                                                                                                                                • Opcode Fuzzy Hash: fd3cb7e7d451c35eb4d143fd3e36e38a7b11e2537a09d6f401775d46b77d0abe
                                                                                                                                                • Instruction Fuzzy Hash: 13318431E01606CBDB11AF79D4141AEB7B1FF85304B108A2ADA5AF7340EB35AA55CBD0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02351971 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c900e2777dbae9e03a1ce9b5615acad2b28b19a964f81dc8a7db5994b95fb574
                                                                                                                                                • Instruction ID: baf287be56f0a5824d0a6e092f962042359d5490dd0aa74ac5ca04b97d4e5d13
                                                                                                                                                • Opcode Fuzzy Hash: c900e2777dbae9e03a1ce9b5615acad2b28b19a964f81dc8a7db5994b95fb574
                                                                                                                                                • Instruction Fuzzy Hash: F821C3313002155FD7158E68DC54BBB7BAAEFC9314F04452AF91AC7751CB759C0A87A1
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFB2D8 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: bc3c210c79e30f8d6f06d136c99c31b92b20216b651c6816467c87b34c5842e7
                                                                                                                                                • Instruction ID: 1a5af4ca111548f8e47987220f0bfac5aeedece2206e65212b808b6f0341f9cb
                                                                                                                                                • Opcode Fuzzy Hash: bc3c210c79e30f8d6f06d136c99c31b92b20216b651c6816467c87b34c5842e7
                                                                                                                                                • Instruction Fuzzy Hash: 203156B1C06219DFCB10DFA8C9487EEBBF0FB09305F6445AAD051A7290D7784A46CFA1
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFBD40 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: fb936e4cf59951bbd75ab71f70e3ace578785c7fea2932ceaa882a5dd7345d26
                                                                                                                                                • Instruction ID: fc920cb810bf9f61fcb942589d638a99a9233a97f9a5d4ff9c6449a1178999c9
                                                                                                                                                • Opcode Fuzzy Hash: fb936e4cf59951bbd75ab71f70e3ace578785c7fea2932ceaa882a5dd7345d26
                                                                                                                                                • Instruction Fuzzy Hash: B6311D74D02218DFCB14DFA4D9587EEBBB1BF4930AF10546AE501B3290DB795A88CFA0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235C5CF Relevance: .1, Instructions: 74COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 963e31cffae3f86069791ab80845efeccb4a9cd1d6d30e15b2e3eeb248698e11
                                                                                                                                                • Instruction ID: 4a60f3719a690d4f3e3081bd3caa575e6abb64b32f1a8630f2a340ce690ff764
                                                                                                                                                • Opcode Fuzzy Hash: 963e31cffae3f86069791ab80845efeccb4a9cd1d6d30e15b2e3eeb248698e11
                                                                                                                                                • Instruction Fuzzy Hash: 552171703073608BD72D6B35A06A7793BE5DB44609B182C2AE98BC6681DF2D8E02C751
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E303B9 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 19582863f4a56d897079a917d000184906bb9baab0835dc9ec982d6a53bc81f7
                                                                                                                                                • Instruction ID: bfe7ad70bd0926d89fa5d35a2e672d89287495a0b8998ed8fa5b5a18dfc259cd
                                                                                                                                                • Opcode Fuzzy Hash: 19582863f4a56d897079a917d000184906bb9baab0835dc9ec982d6a53bc81f7
                                                                                                                                                • Instruction Fuzzy Hash: FC21B075A00205DFDB12DF64D898AAE7BB1FF88315F1584A9E9058B366DB30ED41CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3BE30 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4e937aae7f640d2ac79cc0de50203e819e39894f41cc33aad6c2f4052fd0cb87
                                                                                                                                                • Instruction ID: c256f69ef5209ef757ed154c0b8f0d4c2145ced092f00fc1185eb1de67eb6f07
                                                                                                                                                • Opcode Fuzzy Hash: 4e937aae7f640d2ac79cc0de50203e819e39894f41cc33aad6c2f4052fd0cb87
                                                                                                                                                • Instruction Fuzzy Hash: B721ED347057418FC315EB39D414A6ABBF6EF89215B04C8AAE59AC7751DA34EC02CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02356270 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a2f4a52b73b779eeeab58c4d3e1342970b69fcef84538be1a06a2804e48a702e
                                                                                                                                                • Instruction ID: ab81e2746123e37c8ac6e960b537892d4e514fcde25ca85fcf5039b81ada4070
                                                                                                                                                • Opcode Fuzzy Hash: a2f4a52b73b779eeeab58c4d3e1342970b69fcef84538be1a06a2804e48a702e
                                                                                                                                                • Instruction Fuzzy Hash: 1721623160874A4FCB21DF24D48188A77E2EF852487018EA9E54A8B676EB70ED1AC785
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02353C57 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ad2e17f7bc1664633fa567273fc6fc65d115ea6dc068ee9c65bfec26c78f4da8
                                                                                                                                                • Instruction ID: 3979de6d14ba2a6beff3d06ccb8af0fed0e45a9eefa3b72095ed9145ef44420a
                                                                                                                                                • Opcode Fuzzy Hash: ad2e17f7bc1664633fa567273fc6fc65d115ea6dc068ee9c65bfec26c78f4da8
                                                                                                                                                • Instruction Fuzzy Hash: F311553130B2515FD7052768F44C5AD3FE6EFC521430408BAE20ED7252DE242D0A83A5
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFA3B0 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 40a768dd257f361e01b5513a765cdc2f3a8b04df9c40632b42f0ca666f2be59b
                                                                                                                                                • Instruction ID: 5b87f7cc47711d1c6b0f2ecfc18ae1dfde0dd0c476fdf7fee3ec09ba2b8521bd
                                                                                                                                                • Opcode Fuzzy Hash: 40a768dd257f361e01b5513a765cdc2f3a8b04df9c40632b42f0ca666f2be59b
                                                                                                                                                • Instruction Fuzzy Hash: 9831E0B0D11218DFDB20CF99C588BDEBBB4AB48318F14842AE508BB250C7B59845CFA1
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFE651 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 03351d04439fd80013a871cad61be1ea4efe55810a15376452bde7caf4cb37c6
                                                                                                                                                • Instruction ID: 777241030964c16b9cbd3aa803571d75459521900dbcf902ea8a3c028846df0e
                                                                                                                                                • Opcode Fuzzy Hash: 03351d04439fd80013a871cad61be1ea4efe55810a15376452bde7caf4cb37c6
                                                                                                                                                • Instruction Fuzzy Hash: FC119D36D083589FCB01CBA5A8046EDFBB0EF89320F0582ABD144F7292C3350908CBA5
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFABEE Relevance: .1, Instructions: 70COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4f8748910e83b880607e958a4a3edb6b962942bf3b1bc286dbdd7393611521ad
                                                                                                                                                • Instruction ID: 714e1bfb037c20d97d0ac5d21700730e811dcd914831b8cde8411129526f82e9
                                                                                                                                                • Opcode Fuzzy Hash: 4f8748910e83b880607e958a4a3edb6b962942bf3b1bc286dbdd7393611521ad
                                                                                                                                                • Instruction Fuzzy Hash: 6231F1B0D11218DFDB20CF99C988BDEBBB4AF48318F15842AE508BB350C7B59845CFA1
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3F0D0 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a683ed75f543e85c9dcdc0f60da9cdc45c6525f35cbb1dd4085568a068e07210
                                                                                                                                                • Instruction ID: 5d20e9b0640fe3887bf2d75083596864070151553c5a81086d938e5e287aee02
                                                                                                                                                • Opcode Fuzzy Hash: a683ed75f543e85c9dcdc0f60da9cdc45c6525f35cbb1dd4085568a068e07210
                                                                                                                                                • Instruction Fuzzy Hash: 5511B2727012165FC7159BA9E85C97E7BEBEFC82297148839EA0DD7700DE35EC028B90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E366D0 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5cd187ddbe9339f2667f180f02e85daa2a8cd7d43b2f5abe03cc1572c9c9be35
                                                                                                                                                • Instruction ID: ba9b7d6362f6ef6fb4f3043f4422234d34ad1dbe5e13cd43ba38498c7139ad09
                                                                                                                                                • Opcode Fuzzy Hash: 5cd187ddbe9339f2667f180f02e85daa2a8cd7d43b2f5abe03cc1572c9c9be35
                                                                                                                                                • Instruction Fuzzy Hash: 9821A434A0420AAFDB14DF35D448A9EBBA2EF85318F14C4A9D4099B252DB71F916CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3FC74 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d73e6dc3f6df5a570d2fafe72f10868fc43da26f580bd2c506d64f6985933ed2
                                                                                                                                                • Instruction ID: f464591b32e56b1801b288edda56c84ecf6f5ef2dbfd23cbab9e7a347204ccba
                                                                                                                                                • Opcode Fuzzy Hash: d73e6dc3f6df5a570d2fafe72f10868fc43da26f580bd2c506d64f6985933ed2
                                                                                                                                                • Instruction Fuzzy Hash: 61110231A082079FDB156778942857D3AE7EFC9A14729886DE20EDB395DF34BC068381
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02354BE0 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9ff74720b1047b40e8ab8accfc537212937647fed20336faa2a09e6ec857bf45
                                                                                                                                                • Instruction ID: a2e00cf81e158f683fb5ac92da1bba1ab2a1720cf5180a4e85c1ba87c8ef5aa3
                                                                                                                                                • Opcode Fuzzy Hash: 9ff74720b1047b40e8ab8accfc537212937647fed20336faa2a09e6ec857bf45
                                                                                                                                                • Instruction Fuzzy Hash: DE21047010BB408FD316AF35E548596BFF1FF85304B00886AD08AC7A56DB74690ACF51
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02357709 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e583cbae121e800ad2d927c1d0fca6cafe5186fb1b6083b56c79ac7bf5feb959
                                                                                                                                                • Instruction ID: f8b0b44e658ffb87b7cc6befb4263f5d505691cd63485c580f3d24c0cc346284
                                                                                                                                                • Opcode Fuzzy Hash: e583cbae121e800ad2d927c1d0fca6cafe5186fb1b6083b56c79ac7bf5feb959
                                                                                                                                                • Instruction Fuzzy Hash: 1711E175A093448FC7159F38E4088A97FB7EF8521571584EBDD48CB212EB358916CB91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFF4FF Relevance: .1, Instructions: 62COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9a4d6c6126276c190471bfc587fb9855a127b4b1b6b2ae85ec2feba73c1c1a46
                                                                                                                                                • Instruction ID: 66b4ac03264a74bab0bd5ac77d77ff95470a7c7e459fe9b1e94260796a18e91c
                                                                                                                                                • Opcode Fuzzy Hash: 9a4d6c6126276c190471bfc587fb9855a127b4b1b6b2ae85ec2feba73c1c1a46
                                                                                                                                                • Instruction Fuzzy Hash: 552123B5D05218DFCB15DFA4C5086EEBFB0FB0A309F6095AAD411B32A0D7390A85DF60
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3AB78 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e31a8e142ce3dfe49e7ff704b072b2a125f5c266b4509df0f0dc260e38145254
                                                                                                                                                • Instruction ID: ac9d4218f15b42460999b71c5cb1b75550b50f16a946e630dbf1bcde5c49e74d
                                                                                                                                                • Opcode Fuzzy Hash: e31a8e142ce3dfe49e7ff704b072b2a125f5c266b4509df0f0dc260e38145254
                                                                                                                                                • Instruction Fuzzy Hash: E91137307026169BC709AB34D8A89AE77A6BFC87057D4446CD54687B40CF38FC16CBC4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235CE98 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 352648b8329e9c5a5d78a1e41ddb859bf59f314228e921cf92309e44eaabe94d
                                                                                                                                                • Instruction ID: d4330a66ed2ec5d103c52ca20fa497c47fc2d1e4bba5e96c6682635fcec0b21f
                                                                                                                                                • Opcode Fuzzy Hash: 352648b8329e9c5a5d78a1e41ddb859bf59f314228e921cf92309e44eaabe94d
                                                                                                                                                • Instruction Fuzzy Hash: 9E117230B047169FCB10EF34D495A5EB7B2FF85208B504D29D10AAB761EB70B91687D5
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E379D8 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0ee23676b1b9d4a3f81520fbd7e6642fbe74d4402de295bc829a28f09a1638dd
                                                                                                                                                • Instruction ID: 3ceed0d7c76e1e78324546d19bc3057df3c4dbcda594a241eb86a87c50b7ea7d
                                                                                                                                                • Opcode Fuzzy Hash: 0ee23676b1b9d4a3f81520fbd7e6642fbe74d4402de295bc829a28f09a1638dd
                                                                                                                                                • Instruction Fuzzy Hash: 9A112270B062459FEB05EBB8D459AAD7FF1EF46208F2044EAE405DB781DA349D46CB42
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFF510 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 1fe9e26d0714537dccd568eaefde92243311888de57fe8837f1e313c9b9b93df
                                                                                                                                                • Instruction ID: 274142ea62f1e3f18a4cd0e0b4fa18d32257420bf215f61c37a8560a4432b95a
                                                                                                                                                • Opcode Fuzzy Hash: 1fe9e26d0714537dccd568eaefde92243311888de57fe8837f1e313c9b9b93df
                                                                                                                                                • Instruction Fuzzy Hash: FF21E0B5C05218EFCB14DFA4D5486EEBBF0BF09305F6085AAD405B3290D7395A85DF64
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFB2E8 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 98450f0c98e0cd677644974f3defea22b15220c025a8d60c2e25a8c2e3a76a01
                                                                                                                                                • Instruction ID: 4280a41dee87190298eb4c3a2c1288b1b1d185605912a9a4922013692bf3f544
                                                                                                                                                • Opcode Fuzzy Hash: 98450f0c98e0cd677644974f3defea22b15220c025a8d60c2e25a8c2e3a76a01
                                                                                                                                                • Instruction Fuzzy Hash: F521DEB4C16218DFCB14DFA4C9486EEBBF0BF49305F2084AAD405B3290D7794A88DFA0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFFD00 Relevance: .1, Instructions: 59COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d02156bec1b9bcd9c6a5089cb88cbc12bdcfd0e2e2a215b05c6d92b5ffda5d22
                                                                                                                                                • Instruction ID: 96d40b5f2aab8d32800c86b5b8f1eb4279939ea4b0f8dff853234f1c6fc970f6
                                                                                                                                                • Opcode Fuzzy Hash: d02156bec1b9bcd9c6a5089cb88cbc12bdcfd0e2e2a215b05c6d92b5ffda5d22
                                                                                                                                                • Instruction Fuzzy Hash: BA21AD76910218AFCB468F94D944ED9BBB6FF4C310F0691A6E604AB271C7329861EF50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3B7C8 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0d3733fc11fd0934955ca51dba233025cb6ed4ed8963c761682c967ddaf08c41
                                                                                                                                                • Instruction ID: 8c3a35ace30c633b1f56f6ae79dd3d2287fcdedc9dfb8af0af0c41b2af0550c2
                                                                                                                                                • Opcode Fuzzy Hash: 0d3733fc11fd0934955ca51dba233025cb6ed4ed8963c761682c967ddaf08c41
                                                                                                                                                • Instruction Fuzzy Hash: 9C112B75201210CFDB169F68E4085B67BD5EF4536B70884BAD54AC7311DB39F811CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E37DE8 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e3eac4b1ff7177cdc2039ffb355214d68f8e950ca72f19ed4e2e9ee9d77aced6
                                                                                                                                                • Instruction ID: bc97597b0008653f64381c5e8f2fc61b9ff1f1997e3c295de1c553f6656e1752
                                                                                                                                                • Opcode Fuzzy Hash: e3eac4b1ff7177cdc2039ffb355214d68f8e950ca72f19ed4e2e9ee9d77aced6
                                                                                                                                                • Instruction Fuzzy Hash: C911B171A04618CFCB15DF69D4085EDBBF2AF8D316F008569C506B72A0DB74AD48CBA0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235DE53 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ee321cdc587b3db0917feecc6ab63753982f33a91cdb6c16032efbbe1e918b83
                                                                                                                                                • Instruction ID: 6604746440bba1a63baa5dc43a703151893950ccc6033fb677514fe9327c1540
                                                                                                                                                • Opcode Fuzzy Hash: ee321cdc587b3db0917feecc6ab63753982f33a91cdb6c16032efbbe1e918b83
                                                                                                                                                • Instruction Fuzzy Hash: 991191307057149FC725AB30E44976E7BA2FFC9209B544C6DEA4787641CF79BD0A8B40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3F558 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 452637b507089538025565437617a0d8cc3131e961f7f841f45bfce798ff2507
                                                                                                                                                • Instruction ID: af06294e045715508b9ee7073fa02c36ee67bba6ec6ecdcbef1243ca4bbf6b3f
                                                                                                                                                • Opcode Fuzzy Hash: 452637b507089538025565437617a0d8cc3131e961f7f841f45bfce798ff2507
                                                                                                                                                • Instruction Fuzzy Hash: FB11577160420AEFD726CFA5D448AA6BBE1FF85756F00C029E90A8F350DB36EC41CB64
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235DE60 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e17ce3651638e9318f0d30c2710337b41827051e652e85118b3a94d514626aa9
                                                                                                                                                • Instruction ID: 88502464ec258f6dc1966d9426db374ecc82f890b788f19457af1624ebe4861b
                                                                                                                                                • Opcode Fuzzy Hash: e17ce3651638e9318f0d30c2710337b41827051e652e85118b3a94d514626aa9
                                                                                                                                                • Instruction Fuzzy Hash: D7017C303013149BC721AA25D44966EBBA7EBC4209B544C6DEA4B87241CFB9FC068B40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3C291 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: fb4059b75590fdeb3b07bffd4b6747563e62cefc768bd4aa602f3b8f08914bad
                                                                                                                                                • Instruction ID: 4f4db73f3061b8e3c1dadddf63ec81abc81316bb4f540135db902fb0990e099d
                                                                                                                                                • Opcode Fuzzy Hash: fb4059b75590fdeb3b07bffd4b6747563e62cefc768bd4aa602f3b8f08914bad
                                                                                                                                                • Instruction Fuzzy Hash: 5001D4727041076FD7049B6CE8A8A6E7BEEEBC8765B14405AF905DB380DA74FC018BA1
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02354ACD Relevance: .0, Instructions: 48COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d8db399662578c4cc11ab3336c13625dee7005784864941be97b936ed8fd5a15
                                                                                                                                                • Instruction ID: cf10070db901b50f826e3a37668eebf44cc04f257bfc334e26360df69337f767
                                                                                                                                                • Opcode Fuzzy Hash: d8db399662578c4cc11ab3336c13625dee7005784864941be97b936ed8fd5a15
                                                                                                                                                • Instruction Fuzzy Hash: 5001CE3520A2065FD784B731E45806D3BA3EFC42183494E68D25BDB261DE34BD0A8745
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFB008 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 1788d734581b2e99c45535f398b38a1ec5e37a7a576b9c2e1636780a4204cd94
                                                                                                                                                • Instruction ID: 492f8e7b83e2647f6b219980598b2c2b384dd5514bfe64296c0ff28beffaec4b
                                                                                                                                                • Opcode Fuzzy Hash: 1788d734581b2e99c45535f398b38a1ec5e37a7a576b9c2e1636780a4204cd94
                                                                                                                                                • Instruction Fuzzy Hash: AEF0AF73610610ABC224864EECC5F47FBDCEB99675B14406AF65EC7721E961E80282A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFE899 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 2058f750063c330c020db9c1ec6ae689000bfc1fa2e21cd938f65455ae304017
                                                                                                                                                • Instruction ID: a4fb0f18f2217c8bf9caf0322b4015dce18d92ae8cad0cb856d4bbcacde53278
                                                                                                                                                • Opcode Fuzzy Hash: 2058f750063c330c020db9c1ec6ae689000bfc1fa2e21cd938f65455ae304017
                                                                                                                                                • Instruction Fuzzy Hash: 05017839E082188FCF04CFA9E8056EDBBF0AB8C311F04912AD444B7791C7355909CFA5
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3FDB8 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0d049be18d4afc35c359e4a7870c1733f647cbe01abc0e4f5ced5b48ff839c77
                                                                                                                                                • Instruction ID: 0dd5d485a609f5d2ce686e61a48b7ab5da8a3552079f99bf6e9a702b1ee38ed8
                                                                                                                                                • Opcode Fuzzy Hash: 0d049be18d4afc35c359e4a7870c1733f647cbe01abc0e4f5ced5b48ff839c77
                                                                                                                                                • Instruction Fuzzy Hash: 36017631B063406FD3028B36D894A677BAADFC1229B54803CD90A87712CF35FC0AC310
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02354AE0 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ca987cb2a020de04385e4f4b75fef56dc882167ea0558ce242d82f1feb9237e3
                                                                                                                                                • Instruction ID: 220f01f0fc3b830d543055c2b21a47a4d9efeb44e0bc2c92d1526314bd99c0c9
                                                                                                                                                • Opcode Fuzzy Hash: ca987cb2a020de04385e4f4b75fef56dc882167ea0558ce242d82f1feb9237e3
                                                                                                                                                • Instruction Fuzzy Hash: 0B01B1312071066BE784BB35E44846E37E3FFC82183854E28D21BEB651DE34BD0A8795
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235CE88 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: b2850c8be7abc48e2fb58c485a519b1a374f68d5bf98201c9d63168a46057e4e
                                                                                                                                                • Instruction ID: f276002c8077d232c63b5105ec98d2554648e4b7aecf3ca742543b5e6c15870f
                                                                                                                                                • Opcode Fuzzy Hash: b2850c8be7abc48e2fb58c485a519b1a374f68d5bf98201c9d63168a46057e4e
                                                                                                                                                • Instruction Fuzzy Hash: D3014E31B043169FCB00EF74D89659DBBB1FF862087004D65D149AB652EB70F81787D5
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3C2A0 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 574c9a772bb35fb9cd6bcebcc8e2a289e3068a263d78a6141544db1675c67fb7
                                                                                                                                                • Instruction ID: 3e40dcbf3a730dcbc061953397f577a379723bd6a1b3158ae020a395507282f5
                                                                                                                                                • Opcode Fuzzy Hash: 574c9a772bb35fb9cd6bcebcc8e2a289e3068a263d78a6141544db1675c67fb7
                                                                                                                                                • Instruction Fuzzy Hash: 7D01D6713041166FD704AB59E85CA6E7BEEEBC8665B148019F909DB340DE70EC018BA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E36C50 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d829504e37b34c3f0c274b0309b76179eda7a4e94d88c1740620b3e068186e39
                                                                                                                                                • Instruction ID: 16bec686824273526ef522edfcc1f1ea06fdbbde4fa7a182400a01ca69645f10
                                                                                                                                                • Opcode Fuzzy Hash: d829504e37b34c3f0c274b0309b76179eda7a4e94d88c1740620b3e068186e39
                                                                                                                                                • Instruction Fuzzy Hash: 7E012431704206AFCB209F30F5986AE7BB2EFC4711B054899E14A8B391DF35A80FCB40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3C988 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3872a5e46f63df881ac8f8f6f09c888fb6071f418b38cae6d9196a980b85dc9e
                                                                                                                                                • Instruction ID: 1a1076d5fa54a064fac4120807b9de246754487990860343572e27ea90f2dc79
                                                                                                                                                • Opcode Fuzzy Hash: 3872a5e46f63df881ac8f8f6f09c888fb6071f418b38cae6d9196a980b85dc9e
                                                                                                                                                • Instruction Fuzzy Hash: A201D6367001159F8B159F69E80899EF7F9EFC8225701857AD91DD3340EB30ED04CB91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFCFD9 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4ab75e7a2a59b6fe6396b93ddcdac7afdd859f378c578de15f1a8e5ec6d470b7
                                                                                                                                                • Instruction ID: dc995af9d2e1b67b3d493717550d44fbe480ed598b9f1642af88052dd584acc5
                                                                                                                                                • Opcode Fuzzy Hash: 4ab75e7a2a59b6fe6396b93ddcdac7afdd859f378c578de15f1a8e5ec6d470b7
                                                                                                                                                • Instruction Fuzzy Hash: F0012835E042188FDF04CFA9E8486EDBBF1EB8D311F04916AD504B7290D7755949CB64
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFDDE2 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 71b4f0fdd67d791ffe11cf2effab6c1da6fc696018d0b4f098e30aee489f3866
                                                                                                                                                • Instruction ID: 52319c904be63423529b3ef1582c8a05a6b7e17d0021dd09dcdd5c70c7dea63d
                                                                                                                                                • Opcode Fuzzy Hash: 71b4f0fdd67d791ffe11cf2effab6c1da6fc696018d0b4f098e30aee489f3866
                                                                                                                                                • Instruction Fuzzy Hash: B2011639E152188FCF04CFA9E8046EDBBF1EF8D315F14916AE405B3250C7754945CBA9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02354C58 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: bf97e3319e29eb9a130ba00fc6d7d267f6ebeb21ed1cfc8a4695725ba9a4fbcd
                                                                                                                                                • Instruction ID: 9548ef65f5ee2f3863401379df78cf3e285381d6efa37146fcc36f11cb8e0e5a
                                                                                                                                                • Opcode Fuzzy Hash: bf97e3319e29eb9a130ba00fc6d7d267f6ebeb21ed1cfc8a4695725ba9a4fbcd
                                                                                                                                                • Instruction Fuzzy Hash: F60152B4502B008FE319DF21D548752BBF1FB49309F14C95DD48A86A56D7B9954BCF40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFB0C0 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 39bdcfa2681a8b3444209e4956ff630833839f844c9c2a0c35bc310ad9e0165f
                                                                                                                                                • Instruction ID: 99c2c367502fa0502f52acffe9a8ddae910fdabe7099bfb1b1983171166fa03d
                                                                                                                                                • Opcode Fuzzy Hash: 39bdcfa2681a8b3444209e4956ff630833839f844c9c2a0c35bc310ad9e0165f
                                                                                                                                                • Instruction Fuzzy Hash: 4B018C35E142189BCF04CFA9E9546EDBBF5FB8D319F04A02AE504B3350D7755909CBA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFBCAA Relevance: .0, Instructions: 40COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9244503e3483a77fb4bb453e40c6a514f4c8606b2b1cc6c02322dacac07f0537
                                                                                                                                                • Instruction ID: ae87723f13522044ac8569c7d05951c869458118914c89ae42a22ec9bbed58ad
                                                                                                                                                • Opcode Fuzzy Hash: 9244503e3483a77fb4bb453e40c6a514f4c8606b2b1cc6c02322dacac07f0537
                                                                                                                                                • Instruction Fuzzy Hash: 04012435E042188BCB14CFAAE8446EEBBF5FB89315F04A02AE504B7340DB345944CBA5
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235D5D0 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: aed310451ee078e9d500d10588d9de6f10cdb6eb5d961ad7f6409f0a7a84b199
                                                                                                                                                • Instruction ID: 6678bf54ccbb92a11a2ece68fb3dc4d5793ac3f30da62d8613dd9641e7b3fde3
                                                                                                                                                • Opcode Fuzzy Hash: aed310451ee078e9d500d10588d9de6f10cdb6eb5d961ad7f6409f0a7a84b199
                                                                                                                                                • Instruction Fuzzy Hash: 9E0178342046158FCB04CF28E144D9AB7F2FF8825971688AAE94ACB672DB70E906CB40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02351908 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 6bef093e9c8c4802c51befed5e0fa4d6a54e25f58d3e72b2805a0e86730ef16d
                                                                                                                                                • Instruction ID: 22fedeb8ed2d0c03a35892a5538f4a085f74086de434b98676d67205b81e3319
                                                                                                                                                • Opcode Fuzzy Hash: 6bef093e9c8c4802c51befed5e0fa4d6a54e25f58d3e72b2805a0e86730ef16d
                                                                                                                                                • Instruction Fuzzy Hash: 18F022727043009FD314CB64DC40AAB77AEEBC9304F11046BE119D73A2CB71AC0A87A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3D53B Relevance: .0, Instructions: 39COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 7c6016065d21b4650b2ed1b7467d86328df3b0df08d19c27b5dae65f0356d5c4
                                                                                                                                                • Instruction ID: 868054221031eddbeaf842cc1bc306666e74a3f77099178afa4ba6bfacb1b2b9
                                                                                                                                                • Opcode Fuzzy Hash: 7c6016065d21b4650b2ed1b7467d86328df3b0df08d19c27b5dae65f0356d5c4
                                                                                                                                                • Instruction Fuzzy Hash: 7801DB7060E381CFC747DB34C8585697BB1EF4720971944FEC085CB296DB389905CB12
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235CD58 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 09a532d33df080b4b4f75a8b79f4b83181582c00440f39ace78274a532aadba1
                                                                                                                                                • Instruction ID: a25ac7b6ef426e3e08d9a886719cbe7fb2f3cac7a8b9ad24f8da0a76cba17ea5
                                                                                                                                                • Opcode Fuzzy Hash: 09a532d33df080b4b4f75a8b79f4b83181582c00440f39ace78274a532aadba1
                                                                                                                                                • Instruction Fuzzy Hash: 87016974E11218CFCB50DF69D4191DEBBF0EF48311B10892AE84AE7600EB34660B8B84
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235D5E0 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 8862bdbcfefd09ac82147627341c676888f6c130c7f9202a47369efc53288f7f
                                                                                                                                                • Instruction ID: e122705edd4f9aabfb86c4c3ab4f818cd6e0e39b57afdb70c8a697cc270a184b
                                                                                                                                                • Opcode Fuzzy Hash: 8862bdbcfefd09ac82147627341c676888f6c130c7f9202a47369efc53288f7f
                                                                                                                                                • Instruction Fuzzy Hash: B50169343006158FC754CF29E444C9AB7E6FF8821575284A9E90ACB721DBB0FD02CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E36CE0 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a2cd7575692ac4fe927df69e289889621aa0839b4430915685b095afa4dafa48
                                                                                                                                                • Instruction ID: 63431291986e8c1b5a3fe811ca6f3730c5450068548aa98cecc56b8facab00cf
                                                                                                                                                • Opcode Fuzzy Hash: a2cd7575692ac4fe927df69e289889621aa0839b4430915685b095afa4dafa48
                                                                                                                                                • Instruction Fuzzy Hash: 9EF0BB317011246BD7367774A8287BA3796D78470AF44102AE70A9F2C4DEA5BC40D795
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E30BE8 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 1c859ba5bfe87b0ac24ffd3b4e808161e40577b3a70bf79beed27196d99f5c90
                                                                                                                                                • Instruction ID: 45cb96e5f52ad81f599dd447a1617463c52ff228e9346d910e9cc725fd9849b6
                                                                                                                                                • Opcode Fuzzy Hash: 1c859ba5bfe87b0ac24ffd3b4e808161e40577b3a70bf79beed27196d99f5c90
                                                                                                                                                • Instruction Fuzzy Hash: FEF0D172A040298BC722CF24E8947E9BBB4AB48240F0144EAD185E7191DB348454CBA0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02351E60 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 734ab6bb0b171609e2fc44b32ff51e73b1783082da5a8bfe067704062909eb5f
                                                                                                                                                • Instruction ID: a0b3c410a51f1178af07cfa73ff10f7f1aac3674749cfa33d3d6b0a353c88d03
                                                                                                                                                • Opcode Fuzzy Hash: 734ab6bb0b171609e2fc44b32ff51e73b1783082da5a8bfe067704062909eb5f
                                                                                                                                                • Instruction Fuzzy Hash: E101D2B4D05219EFCB14DFA9D944AAEFBF4BB48305F2085AAD819B3350E7740A44DF91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02351918 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e37a185609afe4a99f7cadbc56b5071bb85c0354d1a8ecbef6c330d79d105297
                                                                                                                                                • Instruction ID: cf999fe4872502af9bb9861e631ef4222f1e742400ea47e802a464c009e18f9b
                                                                                                                                                • Opcode Fuzzy Hash: e37a185609afe4a99f7cadbc56b5071bb85c0354d1a8ecbef6c330d79d105297
                                                                                                                                                • Instruction Fuzzy Hash: 07F05E727002196FD714CAA5DC44EABB7EEEBC8314F10493AE11AC7751DBB5AC0587A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFE680 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c0dccdfaafa0657468c29a2fe1139474ac67aa5090b1cc207ee34cf5300de224
                                                                                                                                                • Instruction ID: cb8ba4f4666d9f473fd69edc6bb956cd68bf3367446a83a88cf55cac37c10e00
                                                                                                                                                • Opcode Fuzzy Hash: c0dccdfaafa0657468c29a2fe1139474ac67aa5090b1cc207ee34cf5300de224
                                                                                                                                                • Instruction Fuzzy Hash: 41F01474E142189BCB04CFA9E804AEDBBF5FB8D311F04916AE504B3290CB345904CBA9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFF488 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 7606cb745bb01d052c506bec786a7fb663458538ddea0c86e2101327000701ed
                                                                                                                                                • Instruction ID: e022bdf05f3fd0d3a92006e5de7a644cde7780929eeca82d574f6283adc8efeb
                                                                                                                                                • Opcode Fuzzy Hash: 7606cb745bb01d052c506bec786a7fb663458538ddea0c86e2101327000701ed
                                                                                                                                                • Instruction Fuzzy Hash: 4CF03735E042188BCF04CFA9E944AEDBBF5FB8D315F04912AE504B3351CB745905CBA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFB0D0 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: b0a1d21e90e3cd4e958416c6830d10a8baf6933ef9b6a95caedbc30424db505a
                                                                                                                                                • Instruction ID: 9f5f50c32615eebe52b0db5103cebeb954978d88e0091e2b8ed831f0da12cf07
                                                                                                                                                • Opcode Fuzzy Hash: b0a1d21e90e3cd4e958416c6830d10a8baf6933ef9b6a95caedbc30424db505a
                                                                                                                                                • Instruction Fuzzy Hash: 29F03734E042189BCF04CFAAE9046EDBBF5FB8D315F04A12AE504B3340DB745948CBA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFC038 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 7f981c34322b2c965d07548f138a5fb0f32b57eb152dcac3b33235913b2aebd9
                                                                                                                                                • Instruction ID: ff8a12001182d9f780a826014a24599f747c6de3fce31237ca5643fe3a1c6525
                                                                                                                                                • Opcode Fuzzy Hash: 7f981c34322b2c965d07548f138a5fb0f32b57eb152dcac3b33235913b2aebd9
                                                                                                                                                • Instruction Fuzzy Hash: 5FF03774E042188BCF04CFA9E9046EDBBF5FB8D311F14A16AE504B3340DB755945CBA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFCFE8 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 96e9ab22d3e89e3bfc94b84d2880999dfa0049954c56ddb796a212cec4ff6b20
                                                                                                                                                • Instruction ID: ffbeee51ec46f784644defc9e6fab6010f1c876bb08b9d4be0eba5f4e00a4983
                                                                                                                                                • Opcode Fuzzy Hash: 96e9ab22d3e89e3bfc94b84d2880999dfa0049954c56ddb796a212cec4ff6b20
                                                                                                                                                • Instruction Fuzzy Hash: C9F01434E042188BCF04CFA9E8446EDBBF6FB8D311F04916AE504B3250DB755949CBA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFAF1E Relevance: .0, Instructions: 36COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 500c89cd27406e402ed32f838d316ef6a8620720ac08a801bf6c9d76d32c3e91
                                                                                                                                                • Instruction ID: f16048479621b4438d45220281ac262349b19ee2c2806030308b4079ea5e671d
                                                                                                                                                • Opcode Fuzzy Hash: 500c89cd27406e402ed32f838d316ef6a8620720ac08a801bf6c9d76d32c3e91
                                                                                                                                                • Instruction Fuzzy Hash: D90108B2D10219DFDB94CFA9C4043EE7BB1FB44324F248625E428AE290D7744A45CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFBCB8 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 01b2565949029f120cacf830a9bec7630bff1fbf8868de1ab250078551e442a0
                                                                                                                                                • Instruction ID: 2c844c335d060064046b1afb95d05f75f5f491d7567b94e4d7f995e89f940f1a
                                                                                                                                                • Opcode Fuzzy Hash: 01b2565949029f120cacf830a9bec7630bff1fbf8868de1ab250078551e442a0
                                                                                                                                                • Instruction Fuzzy Hash: 96F01434E042188BCF04CFAAE9046EDBBF5FB8D311F04A16AE504B3240CB355904CFA5
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFDDF0 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 7fd0a5e482d7ec9d80c6cd6ceba988114236bdea467c03380cc2f2d2802f0bae
                                                                                                                                                • Instruction ID: 5785dd5173c27b2f23baada6c0f441619d62f193baffffa41de799400a30b3d2
                                                                                                                                                • Opcode Fuzzy Hash: 7fd0a5e482d7ec9d80c6cd6ceba988114236bdea467c03380cc2f2d2802f0bae
                                                                                                                                                • Instruction Fuzzy Hash: 7CF01435E042188BCF04CFA9E8046EDFBF5FB8D315F04912AE504B3240CB345904CBA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFFB28 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5e4a97981099565d5cb2820701652787fe491fa3d622bba31636796cb8021620
                                                                                                                                                • Instruction ID: 23c944350c64199addf452636a233ed97962717d26e55c3d932cdb3b2e3545ec
                                                                                                                                                • Opcode Fuzzy Hash: 5e4a97981099565d5cb2820701652787fe491fa3d622bba31636796cb8021620
                                                                                                                                                • Instruction Fuzzy Hash: 2DF03734E042188BCF04CFA9E9546EDBBF5FB8D311F04912AE504B3344DB345908CBA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFE8A8 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 6eaad47384604d011f37302a12a39074b8e2bfae6767f38348511ba92b528030
                                                                                                                                                • Instruction ID: 490d7930e5efd585edfa530879943081fc0117970230b8b9d85af9cb21af273f
                                                                                                                                                • Opcode Fuzzy Hash: 6eaad47384604d011f37302a12a39074b8e2bfae6767f38348511ba92b528030
                                                                                                                                                • Instruction Fuzzy Hash: 4CF01434E042189BCF04CFA9E9046EDBBF5FB8D311F04916AE504B3250CB345904CBA5
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFFBB0 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3d79d01f57c312f22cd7ab6e99c6a7dcfcfde6f89cb342af87f5e7c6683c4be6
                                                                                                                                                • Instruction ID: 8d4d3f1202f32921c69cdc2b62d2d93ccb198cfb84886604acd0f464a90d0bbf
                                                                                                                                                • Opcode Fuzzy Hash: 3d79d01f57c312f22cd7ab6e99c6a7dcfcfde6f89cb342af87f5e7c6683c4be6
                                                                                                                                                • Instruction Fuzzy Hash: 08F09031E142188BDF04CFA9E8047DDBBF5FB89311F049076D505B7240CB755844CBA4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3F4E0 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 2642b360cac9ebcb0e6994b9776fdaaf368ad47f148bae2857837c34950c6127
                                                                                                                                                • Instruction ID: 9516a0efba4dd1c4c586822ad0cb3f84d6064b248264c985c190fba952c33b73
                                                                                                                                                • Opcode Fuzzy Hash: 2642b360cac9ebcb0e6994b9776fdaaf368ad47f148bae2857837c34950c6127
                                                                                                                                                • Instruction Fuzzy Hash: 240181B6E102299FCB06CF9998146EEBFB6BBCC311F04806AE225E7150DB344616CF90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3F4F0 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3528ea5da45b8b507f4672823ae5678b993cdb0203ccba097728ca46dce4ca11
                                                                                                                                                • Instruction ID: 68c709bd65027918488e5b5fe4d2688bcdce917228a755ee7e637d19842e0ad7
                                                                                                                                                • Opcode Fuzzy Hash: 3528ea5da45b8b507f4672823ae5678b993cdb0203ccba097728ca46dce4ca11
                                                                                                                                                • Instruction Fuzzy Hash: 92F062B6E10118ABCB01DF999C09AEEBBFAEFCC210F04802AE615E7240DB3456118F90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02351EE0 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5088f705dfae4a64d782640e1b6a205898a759a17a7748ae65cac56f8f55cfa5
                                                                                                                                                • Instruction ID: c106cfc974a9bb9a427d369c16809b93feb5d9b744c69d3317a95c31c7a7551e
                                                                                                                                                • Opcode Fuzzy Hash: 5088f705dfae4a64d782640e1b6a205898a759a17a7748ae65cac56f8f55cfa5
                                                                                                                                                • Instruction Fuzzy Hash: E0F0FE353046204F8754DBA9E950966F7D9EBC8369314856EDA5EC7740DB32EC028791
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFAFBA Relevance: .0, Instructions: 34COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 2f36f8779bc155965a8f6cfd95ccf4ff60889ccec44a82e0ab8932969cd567b4
                                                                                                                                                • Instruction ID: 606bf193e8106c5c781a0ad75924410d310be302d1ac57abf78b08c282e68091
                                                                                                                                                • Opcode Fuzzy Hash: 2f36f8779bc155965a8f6cfd95ccf4ff60889ccec44a82e0ab8932969cd567b4
                                                                                                                                                • Instruction Fuzzy Hash: B1F0E232B042146FD3008A4ECC94F97FBEDEFD5620F10406AE504D7351CA71EC0082A0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFAF28 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0faf3bf6c153a79caf886095a1dae5186a8a57c5c7c1e831cb7101f4f09a4d96
                                                                                                                                                • Instruction ID: 8817184b0bcead46d23b13b742f0e5ba396fc911280d8134a50167fff337d2b6
                                                                                                                                                • Opcode Fuzzy Hash: 0faf3bf6c153a79caf886095a1dae5186a8a57c5c7c1e831cb7101f4f09a4d96
                                                                                                                                                • Instruction Fuzzy Hash: A201D6B1C10219DFDB94DF6AC4043AEBBB5AB48364F20C629E928AE290D7744A45CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3F0C0 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 661f38efaf54bb9593ffbe4fd73f63af4ec895c834fb606dfbd246383282dd98
                                                                                                                                                • Instruction ID: b7e06db56aabb3fa833b38e52770e58b26b44c5d771ba114f59f5528559a6811
                                                                                                                                                • Opcode Fuzzy Hash: 661f38efaf54bb9593ffbe4fd73f63af4ec895c834fb606dfbd246383282dd98
                                                                                                                                                • Instruction Fuzzy Hash: 30F02E7260414A6FC7008699E858AAF7FFAEBC4230704802DF60DE7301CA31EC058750
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235C8F7 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e27698181d768133618091641d3f85e9b86dc9afa2dd506293d413f470490790
                                                                                                                                                • Instruction ID: ceebeb3089553a6a1e7fe90004bee56de4cffd6d0d3b8571dc7954ab2990ce2e
                                                                                                                                                • Opcode Fuzzy Hash: e27698181d768133618091641d3f85e9b86dc9afa2dd506293d413f470490790
                                                                                                                                                • Instruction Fuzzy Hash: 6AF02B767162009FD7143B65B85D49E7FA6EBCA318350487AF506E7212DE741C03C770
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235CF59 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4ad12dbda40c891a6544c43cbe6c433b21a1a465fdfce3c19a4dff678fa6ef80
                                                                                                                                                • Instruction ID: 34181d346cb1d3e64afaccd4d55b1bcb2433d2fed33e406c4211c97ae2a60c5d
                                                                                                                                                • Opcode Fuzzy Hash: 4ad12dbda40c891a6544c43cbe6c433b21a1a465fdfce3c19a4dff678fa6ef80
                                                                                                                                                • Instruction Fuzzy Hash: 80F0E97760A7628FC3018F38D854C58BB75EF4562431985DBD449DB763CB24DD42C790
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3F547 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 82df86b2b807997888ccef4a3c3440f11c2ca6c0915553fd53ddbde00fd359af
                                                                                                                                                • Instruction ID: c0af7753c7551881f1305198a2406436302bc736a5677c9cbad759683a3be441
                                                                                                                                                • Opcode Fuzzy Hash: 82df86b2b807997888ccef4a3c3440f11c2ca6c0915553fd53ddbde00fd359af
                                                                                                                                                • Instruction Fuzzy Hash: AEF0B471A04206EFD715CF65D808B56BBE2FF85756F05C028E4098B210E734EC02CB50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02355519 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 09db4bf487d9805339d781915672cdf99eaeebc0fbb98aef09720f932be08b68
                                                                                                                                                • Instruction ID: c04b28381c08ac2fa6dc4c7f7ec5a010fdb3c6db153edfb9cf5e7a469118513e
                                                                                                                                                • Opcode Fuzzy Hash: 09db4bf487d9805339d781915672cdf99eaeebc0fbb98aef09720f932be08b68
                                                                                                                                                • Instruction Fuzzy Hash: 1EF03A78A0620CAFCB40EFB4E59A0CC7BF0EB49204B2149A9D509E7355EA306F4A8B51
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235E955 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c1a2232e996e9c6f428d23264991716ab14bb98ee11bddde9b6688eb72aaba3e
                                                                                                                                                • Instruction ID: 5181aa4c65b475227ac028589bef48d303dad284477fd74c9d797e750a080648
                                                                                                                                                • Opcode Fuzzy Hash: c1a2232e996e9c6f428d23264991716ab14bb98ee11bddde9b6688eb72aaba3e
                                                                                                                                                • Instruction Fuzzy Hash: 8801F635A11229AFDF10CF90D855FEDBB72BF48304F204005E845B62A1CB395A44DF50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235CD68 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c40cbfbeb0c580c1de9454d67f4a18c0d7f68e0644ca3da56fb6100bc5b92eb1
                                                                                                                                                • Instruction ID: e4169b7fe5c1f166e479d329a3f80cfcc333e0eeca9cd7613267a35c62c8be62
                                                                                                                                                • Opcode Fuzzy Hash: c40cbfbeb0c580c1de9454d67f4a18c0d7f68e0644ca3da56fb6100bc5b92eb1
                                                                                                                                                • Instruction Fuzzy Hash: EEF0F974A013188FCB54DF69D80959EBBF4FF88711F10452AE809E7700EB746A05CB95
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFAFC8 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ab04c54b971ca452d6bbecdc5f9e6f109f0c3505c6f48e64712702b99fd90fa2
                                                                                                                                                • Instruction ID: 3bdd1705cdb0c5bbcbc278737107e3a1285a325b1b46bdc44d80e1511990ce9c
                                                                                                                                                • Opcode Fuzzy Hash: ab04c54b971ca452d6bbecdc5f9e6f109f0c3505c6f48e64712702b99fd90fa2
                                                                                                                                                • Instruction Fuzzy Hash: D6E06D36B042186F93049A5E9C44D6BFBEDEFD9620B10807AF509D7361CAB1EC0086A4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02354B80 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c0f6442cd14bb3df494d5eb3add505d46e15759d7476b81a69c2ad037822c54d
                                                                                                                                                • Instruction ID: f363af9d938e1fb5f4bfa7e30ef4d26685cf6912606b8551df05226b204a2965
                                                                                                                                                • Opcode Fuzzy Hash: c0f6442cd14bb3df494d5eb3add505d46e15759d7476b81a69c2ad037822c54d
                                                                                                                                                • Instruction Fuzzy Hash: 8DF027312077418FD300AB29E0096CA7BF1EF8020CB000C68D18BCAA52C775784B8F61
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFBBE0 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ecb538b097a6a28c7b723d9d71e009012d7dc8863fce8d3740d80df8ec92ff36
                                                                                                                                                • Instruction ID: 266b1d04a25b9f074fddb33a053982269c0da07c8a737b67ef658e98d65eedcc
                                                                                                                                                • Opcode Fuzzy Hash: ecb538b097a6a28c7b723d9d71e009012d7dc8863fce8d3740d80df8ec92ff36
                                                                                                                                                • Instruction Fuzzy Hash: EAF0DAB0D1430A9FDB44DFA9D845AAFBBF4FB48300F1045AAD618EB200DB749640CB90
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFBBD0 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 13cdc5c4188723b5c8f789d7f43faa315eccf7803d861cb58abca95500c693f6
                                                                                                                                                • Instruction ID: cae32a406c22270b36cfc93e8388f349b1e096ba9b7d73135968a35440887099
                                                                                                                                                • Opcode Fuzzy Hash: 13cdc5c4188723b5c8f789d7f43faa315eccf7803d861cb58abca95500c693f6
                                                                                                                                                • Instruction Fuzzy Hash: 5BF049B09143468FDB64CFA9C845AAFBFF0AB09234F148B999174DB2D1DB349541CB80
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235CF68 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 487224ba548cdc8d96d0210f96218152952cf9f6126dbb0a89af425f0c17b8ef
                                                                                                                                                • Instruction ID: 9aa8df9362a95bf94dc66610bf7bf6a36b02b0683a02adfbd81bd71220f0a687
                                                                                                                                                • Opcode Fuzzy Hash: 487224ba548cdc8d96d0210f96218152952cf9f6126dbb0a89af425f0c17b8ef
                                                                                                                                                • Instruction Fuzzy Hash: 82F0E532301A219FC3108F28D444C49BBB9EF85A2430581AAE90D8B321CB20ED41C7D4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E35D78 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 572e13171738670709a96d183b7f1c72a6a4ed2e844ffb327b3f3d0cb487e4bf
                                                                                                                                                • Instruction ID: 2bbb190d44742d07b525854548132799ff0d48997853214aa0e5790d1e0d5054
                                                                                                                                                • Opcode Fuzzy Hash: 572e13171738670709a96d183b7f1c72a6a4ed2e844ffb327b3f3d0cb487e4bf
                                                                                                                                                • Instruction Fuzzy Hash: 06E0E53020D7414EE311BB64A4A40587BA3DFC51047468DA9C1829B6A3DF30790A4354
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02354BF0 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 7b485e9efd548f3dcf677d2be2a588d80ebdd13258b5a90b51ee3402e9030cfa
                                                                                                                                                • Instruction ID: 6755417a82fad1eeeb13556bec1345c7c63f7e5f1029d37eafa7c06d9fd4d066
                                                                                                                                                • Opcode Fuzzy Hash: 7b485e9efd548f3dcf677d2be2a588d80ebdd13258b5a90b51ee3402e9030cfa
                                                                                                                                                • Instruction Fuzzy Hash: CCF05470503B058FD729DF36D508566BBF6FF88305700892EE44B83A58DBB4A905CF94
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 023594B8 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 87e327294020c03bdfdc551ee684065077c90df34eb99e023cd8cf62fb82506a
                                                                                                                                                • Instruction ID: 04453d19e468a896bd210ff2f2c7e7267ce9024802329c5a82214221268e831a
                                                                                                                                                • Opcode Fuzzy Hash: 87e327294020c03bdfdc551ee684065077c90df34eb99e023cd8cf62fb82506a
                                                                                                                                                • Instruction Fuzzy Hash: 51F0A034A8A7414FC344EB24D58A08E7BE3EE852043008DB9C24B8B966EF30B909875A
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02351F31 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: e032b229f54c7bf6478737189376c802c5b7cc946b33c6c419f5e85f8f41bb3b
                                                                                                                                                • Instruction ID: 5829a2d091f4024f34d6aa5108508a16af24f2b16dd7f3d7cf8577ffc34febc5
                                                                                                                                                • Opcode Fuzzy Hash: e032b229f54c7bf6478737189376c802c5b7cc946b33c6c419f5e85f8f41bb3b
                                                                                                                                                • Instruction Fuzzy Hash: 3DF0E274E05208AFCB04EFB4E881B9CBFB0FB15308F1086AAC848A7395D3744980CF41
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235C908 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3a950d322cd5c00f44f2ceb0b4f2f5172d76d7ebc78de423e001ec36860988a7
                                                                                                                                                • Instruction ID: 3258526c94da4c037ac175980c943aee5c3aa98f27bf1412f273b357d30ce814
                                                                                                                                                • Opcode Fuzzy Hash: 3a950d322cd5c00f44f2ceb0b4f2f5172d76d7ebc78de423e001ec36860988a7
                                                                                                                                                • Instruction Fuzzy Hash: 06E0DF3130620467D718366AB85C85FBB9AEBC92287508839F609E3201CEB56C0182A1
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E390A8 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9e10df95a2529cf5b0d709ae07bdbe306e01f374f5eedc28475747f98d105544
                                                                                                                                                • Instruction ID: f0bd6c808eeae506239f0b85441440c77ffd2d0cd645f44ce62609bfae8a63bc
                                                                                                                                                • Opcode Fuzzy Hash: 9e10df95a2529cf5b0d709ae07bdbe306e01f374f5eedc28475747f98d105544
                                                                                                                                                • Instruction Fuzzy Hash: F2F02030208A128FC71AAB28F4A89A93BE2EF04305304049EE043CB2B2CF78BD44CB40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02358FF2 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: ab3ca63db0df8d69529b7b1e5d1e41efd6e388aa81ef537594692ce7f4eaa909
                                                                                                                                                • Instruction ID: 668b9e02112926635fc989a93114c2fd1b601e00d71bf51414e9006427c1a7fc
                                                                                                                                                • Opcode Fuzzy Hash: ab3ca63db0df8d69529b7b1e5d1e41efd6e388aa81ef537594692ce7f4eaa909
                                                                                                                                                • Instruction Fuzzy Hash: ADE0DF353062658BCB1A9235B450578775BEEC829930A89BACB0DC7691EF319816C381
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02353C11 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0d50e4792016387aac7811836c7a2d4a379ac4f52453242a1d792d8e118967c2
                                                                                                                                                • Instruction ID: aff9b47b1177beb3520780b4274561e7a52f43b5e337d099cc856b89fac6adbf
                                                                                                                                                • Opcode Fuzzy Hash: 0d50e4792016387aac7811836c7a2d4a379ac4f52453242a1d792d8e118967c2
                                                                                                                                                • Instruction Fuzzy Hash: 03E026367021268BC7096724F0880BC3BA7EFC42553080CBAD30BCB3A1EF299C068395
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFBA69 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 9a00ab82b41c825529af4078797e76acbc89ad35fc513a944efd69f7c45e724a
                                                                                                                                                • Instruction ID: ad6652ce49c6476b8439169e432013d0767ccbb40d5b826a6b9ce9a0b3468ff6
                                                                                                                                                • Opcode Fuzzy Hash: 9a00ab82b41c825529af4078797e76acbc89ad35fc513a944efd69f7c45e724a
                                                                                                                                                • Instruction Fuzzy Hash: 9CF03930D65319CFDBA09F70C9187AEB7B1AB06304F1078D9C10AB2281CB754A84CF44
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02350437 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 29bc8cfc2ed8e0dbc40778cacb5555bdb57aeed7904e5fbef0d24906cbf9cb1f
                                                                                                                                                • Instruction ID: b9c02d0422a419cc6e65d4a9cf9c5f77be5a616825c1977263ab2851a17582b1
                                                                                                                                                • Opcode Fuzzy Hash: 29bc8cfc2ed8e0dbc40778cacb5555bdb57aeed7904e5fbef0d24906cbf9cb1f
                                                                                                                                                • Instruction Fuzzy Hash: 30E0C2A445F3445ECB218BB07809AFA3F70EB13305F0012DBD80892062D762460EAB15
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02355528 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 873b5abbb74b070fc4f51f57eac7eda72e99654db9a310c3475dea25c84307d0
                                                                                                                                                • Instruction ID: fe444d9921cfaaa62a21b9748da891d10e8c0a940f20fc708c275242a609d905
                                                                                                                                                • Opcode Fuzzy Hash: 873b5abbb74b070fc4f51f57eac7eda72e99654db9a310c3475dea25c84307d0
                                                                                                                                                • Instruction Fuzzy Hash: 70F01534A0220DEFCB40EFA8D54949DBBF1EB88204B5049A8D909E3354EA307F488B41
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02351F40 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: af3de5b8d2b64f4e5c7f4f0a3214b5d56641974e318f358550b352aa2eb9beca
                                                                                                                                                • Instruction ID: bbba15752573fc9fbddae81ed9d42c4f2913f8043ac1a9d6ce080d12232e20a5
                                                                                                                                                • Opcode Fuzzy Hash: af3de5b8d2b64f4e5c7f4f0a3214b5d56641974e318f358550b352aa2eb9beca
                                                                                                                                                • Instruction Fuzzy Hash: 93F06D34E00308AFCB54EFA4E944B5DBBF4FB44708F1082A9D808AB398E7705940CF80
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235BC80 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 7bd61b22033099c3c6e6ba1f8e990bd8555a75bf32f647aee7495cf7bca9c690
                                                                                                                                                • Instruction ID: 8fd9a67b4838c1979d805cd178fddc3379808b41dfa7bf56996856f0cb3df70e
                                                                                                                                                • Opcode Fuzzy Hash: 7bd61b22033099c3c6e6ba1f8e990bd8555a75bf32f647aee7495cf7bca9c690
                                                                                                                                                • Instruction Fuzzy Hash: D2E02B76D0D3504FC305C7B468660ED3FA2C94512470140DBC10CCB652E9601A0343D6
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFB018 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4b9a0aa40ef9a6bf16c055e8a7ccaab8d2df1982e6861e399df051fcfc0ac198
                                                                                                                                                • Instruction ID: 5a7632bd44f31d19b78be2b047b5af5f29edfe23edf83230abf63d1ccf2e0c2c
                                                                                                                                                • Opcode Fuzzy Hash: 4b9a0aa40ef9a6bf16c055e8a7ccaab8d2df1982e6861e399df051fcfc0ac198
                                                                                                                                                • Instruction Fuzzy Hash: 2AE08C36300600AFC3148A0EEC88D46FBEDFFC8630B10802AFA09C7320CA30AC01C6A4
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02358702 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5dff0170f24e8c17046a69092d5bce31e212daf136f163ac37eff419b8a1a4b9
                                                                                                                                                • Instruction ID: bdc16db45b996db4c3c6d418a02b738e46d327b833f18c907e4a08b8e348aa97
                                                                                                                                                • Opcode Fuzzy Hash: 5dff0170f24e8c17046a69092d5bce31e212daf136f163ac37eff419b8a1a4b9
                                                                                                                                                • Instruction Fuzzy Hash: 91E02666B0E2E00FC3124338B8790F42FA1DBC6209349C9EBD2C5D3763C5205807CB80
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235BAAA Relevance: .0, Instructions: 22COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0ce252c02f3f7c79ceefbb5fe07df9446a56bc4ceadd98e0838ada1218b232f2
                                                                                                                                                • Instruction ID: 24e6544703fc9a718f6ba6d3419c98400f3313ce162e0c5002fb0007607f7e90
                                                                                                                                                • Opcode Fuzzy Hash: 0ce252c02f3f7c79ceefbb5fe07df9446a56bc4ceadd98e0838ada1218b232f2
                                                                                                                                                • Instruction Fuzzy Hash: 09E0C275B1A2908FD711DB78EA5A5987FB0DF0621931540F7E44DCB662DA30CD1BC741
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02351ED1 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 3607b7745db171c077e4b484e50764f1cee3aafe44e8238c1e173355158f4895
                                                                                                                                                • Instruction ID: d2ed8e08656d636d0b15ef91ff39db011649d62759060f6a5fff021ed4feac70
                                                                                                                                                • Opcode Fuzzy Hash: 3607b7745db171c077e4b484e50764f1cee3aafe44e8238c1e173355158f4895
                                                                                                                                                • Instruction Fuzzy Hash: 74E086302092504FC725D778D9519A5BBE5AFCB71830841EFD94EC7352CB229C02C751
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E39238 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 2bece028ca954e8061383edf9789bf11e436ba57d3461f921957bbfe6e2bd418
                                                                                                                                                • Instruction ID: af05fa229b2ed16fe5f1f741be77ea0ca03261eec1ebb2daac2aadebd4cceb52
                                                                                                                                                • Opcode Fuzzy Hash: 2bece028ca954e8061383edf9789bf11e436ba57d3461f921957bbfe6e2bd418
                                                                                                                                                • Instruction Fuzzy Hash: B5E0D83150A69A8BC726AA29B51C5E57F70AF02206B0848DEE485479A2D7647528D781
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02350480 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 20b2cb80a5a16184dba5ed6c4d2084cfc5c16adefbf3761445c1a9bfa577f79c
                                                                                                                                                • Instruction ID: 6a43689f5d4f2c9936aa4549b992ad61cc0b8733dd60727a4fef426be3458688
                                                                                                                                                • Opcode Fuzzy Hash: 20b2cb80a5a16184dba5ed6c4d2084cfc5c16adefbf3761445c1a9bfa577f79c
                                                                                                                                                • Instruction Fuzzy Hash: C4E04F34A15108EFCB24EFA4EA4465D7BF8FB44308F0049AAD409A3321DB312A049B50
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235C8B0 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c9118433dd48b3981ac73b58359a585022392ec4516ff12c63a76614c7220f51
                                                                                                                                                • Instruction ID: e73b9c332baff8d25ffb5079e93d72c9475d62b9e10efa9377735334bbb33185
                                                                                                                                                • Opcode Fuzzy Hash: c9118433dd48b3981ac73b58359a585022392ec4516ff12c63a76614c7220f51
                                                                                                                                                • Instruction Fuzzy Hash: 0CE0D830A07A444FDB59DB28C2656057B91EF4130CF04C8AEC441DB14AD734D946C722
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 023570E0 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4aaf76a905a559cbd7f977372695314c566948b23ca193e461cd73d4a804d541
                                                                                                                                                • Instruction ID: d2ab3848922baafc754fc6dba8626a3c0cf7ab08658c7608899dbaff0cfc1508
                                                                                                                                                • Opcode Fuzzy Hash: 4aaf76a905a559cbd7f977372695314c566948b23ca193e461cd73d4a804d541
                                                                                                                                                • Instruction Fuzzy Hash: CBE08C303069068FFB41F710F608E7937E2F780308B410EA9EA01AF199C7306D9AC780
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFBB7A Relevance: .0, Instructions: 19COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 8d6b048fc3fea0f001071503c0b5aa22844b9113214ccca0d823e90e942540bf
                                                                                                                                                • Instruction ID: 4d875fec7ef9646901d9e8205c85e8a14c5b2541ce6e538096c279f25ce34e24
                                                                                                                                                • Opcode Fuzzy Hash: 8d6b048fc3fea0f001071503c0b5aa22844b9113214ccca0d823e90e942540bf
                                                                                                                                                • Instruction Fuzzy Hash: 3BE092B19442458FD750CF68CA84B8A7FF0AF04224F28C995C164DB3A6D73981018B40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFBB88 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 0b29a999213b28209072ef0aaa33cbc8815418feaa57d3937567379363863438
                                                                                                                                                • Instruction ID: 571eea9bd90fbed2781df24b6a30ac4aa81ec346cbf1fb6a3f739075819140b5
                                                                                                                                                • Opcode Fuzzy Hash: 0b29a999213b28209072ef0aaa33cbc8815418feaa57d3937567379363863438
                                                                                                                                                • Instruction Fuzzy Hash: 17E046B0D00209DFDB80EFB9C988A9EBBF0BF08200F10C8A9C118E7315E77086008F80
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E36E70 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 69508e872b808cca11cb3293593cf291745acb47fad00f530ca07a355ed9679b
                                                                                                                                                • Instruction ID: acd75899b60ae73834eb924206f9eb226bdf157887a108ba0739302ff8ffdec5
                                                                                                                                                • Opcode Fuzzy Hash: 69508e872b808cca11cb3293593cf291745acb47fad00f530ca07a355ed9679b
                                                                                                                                                • Instruction Fuzzy Hash: 5BE0C2606082498BEB321FB1D4640993BB0DF8E34671A20DAC2808A151EF28A128C613
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3B7B9 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 03c923d43fadd7fc6d4e453d21f20cc7822115dfb3c576dffb3f67653d2e2f1e
                                                                                                                                                • Instruction ID: 753de4a686ea980cc47b337621cb2b185f4f2824254afd2e4043db136b362f05
                                                                                                                                                • Opcode Fuzzy Hash: 03c923d43fadd7fc6d4e453d21f20cc7822115dfb3c576dffb3f67653d2e2f1e
                                                                                                                                                • Instruction Fuzzy Hash: B7D05E73401229ABC2419B84EC45FA57B98FF51B55F0C5115EA0187352C729F940CBD0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235BC90 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 1fceaf964177e4b15e0c68382ba11afdaeec0f9a713dbb3abedca939a4857f96
                                                                                                                                                • Instruction ID: 7945c2130f63d71bf416d78d3a5295ffef9d1ace1a1f76cad07c631eeb8e9360
                                                                                                                                                • Opcode Fuzzy Hash: 1fceaf964177e4b15e0c68382ba11afdaeec0f9a713dbb3abedca939a4857f96
                                                                                                                                                • Instruction Fuzzy Hash: F7D012366043286B4744EBE9A4645DE7BADCA88174B01406AD60DDB640EEB1294042EA
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E37A68 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4a38601be69e5becfb30b482d831053433ea832b07d4724791a2e679494b8e69
                                                                                                                                                • Instruction ID: 4fcf59296a464d58c4e897b2f22ef4258848323b34f08d241b170eb4f246f84c
                                                                                                                                                • Opcode Fuzzy Hash: 4a38601be69e5becfb30b482d831053433ea832b07d4724791a2e679494b8e69
                                                                                                                                                • Instruction Fuzzy Hash: 45D0A7343011108FC3049B1CD404D9677E9EB48611B0040AAF905C7360CAB1EC0187C0
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 02350448 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: b1ed6cc23d290d4e60841e19d8aceb4632e08c455b1015e5612c2a9464988ae3
                                                                                                                                                • Instruction ID: b1e63b29a68d250d839faf48d1f692eae4f9ff8d92f586c94cd8bdc4ed5e5b37
                                                                                                                                                • Opcode Fuzzy Hash: b1ed6cc23d290d4e60841e19d8aceb4632e08c455b1015e5612c2a9464988ae3
                                                                                                                                                • Instruction Fuzzy Hash: D7C012704162089FC6249F94F808B29776CF71730AF00155A990852110DB7145489965
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFBC80 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: d5dfd56f7d24d14573ea1ce7c14af6be02fe19639f7beebfe7ae0b668f43e818
                                                                                                                                                • Instruction ID: c3b6fa343c5f63248d9a7e71e20930db1388291f45c8f803e5b0445827013ee7
                                                                                                                                                • Opcode Fuzzy Hash: d5dfd56f7d24d14573ea1ce7c14af6be02fe19639f7beebfe7ae0b668f43e818
                                                                                                                                                • Instruction Fuzzy Hash: 97D0C9322302089F9B81EBA4E881C567BDCAB64700740C472E6488E020EA21E428DB91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E3D587 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 229847851e5905b16a5aa7b5ca640498eb2abb8e82251b7e3eb7772ad51ae1f5
                                                                                                                                                • Instruction ID: dbda75632a3751e7a41d31d10b7001f4fccfdd33e48aaa202e9de72811b59cd9
                                                                                                                                                • Opcode Fuzzy Hash: 229847851e5905b16a5aa7b5ca640498eb2abb8e82251b7e3eb7772ad51ae1f5
                                                                                                                                                • Instruction Fuzzy Hash: BBD0C930214106CFC749FF24D4989D9F3E5FF84609B044A6DD08ACB254EF70E94ADB81
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 0235BC60 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.370332598.0000000002350000.00000040.00000800.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_2350000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 085f72aa5d320d745cce36bf86b5dc492309e58e478b10d4aacf7435d25c6fba
                                                                                                                                                • Instruction ID: ee7b8463d896ffa0bbbdb186688e869ecdff0ec089df4373dc66b0ed30318e92
                                                                                                                                                • Opcode Fuzzy Hash: 085f72aa5d320d745cce36bf86b5dc492309e58e478b10d4aacf7435d25c6fba
                                                                                                                                                • Instruction Fuzzy Hash: C2C09B9546F6854FEB4353305C6B0887F30D911201B7544D6E0D39285398488447C753
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E366B0 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 4344e190d2b3dae6be528793d7c8b8f6ee41afaff7246bf789b34228ea9bd47e
                                                                                                                                                • Instruction ID: e1faa3aa4ee12ba59face164e052cad0f60caf8c6631ac9c9eef3c5e8ea61263
                                                                                                                                                • Opcode Fuzzy Hash: 4344e190d2b3dae6be528793d7c8b8f6ee41afaff7246bf789b34228ea9bd47e
                                                                                                                                                • Instruction Fuzzy Hash: 8DC04C8550E7C41FF703023148503986F605853064B4E06D281D1DA1A3A155594A9F11
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Non-executed Functions

                                                                                                                                                Function 06EF0040 Relevance: 2.8, Strings: 2, Instructions: 332COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 8^ql$8^ql
                                                                                                                                                • API String ID: 0-330939610
                                                                                                                                                • Opcode ID: 06add2a14aab59f6da8c95d2a0003fd424e1c686cec7d65df94b884b2ce9f6b3
                                                                                                                                                • Instruction ID: 237ce7b010e75d25e011fab8aad3c8e1ef9ce11f08ea93d406464acf11906580
                                                                                                                                                • Opcode Fuzzy Hash: 06add2a14aab59f6da8c95d2a0003fd424e1c686cec7d65df94b884b2ce9f6b3
                                                                                                                                                • Instruction Fuzzy Hash: 73F1F470A01228CFDB68DF64C954BDDBBB2BF89304F1081A9C509AB395DB359E85CF51
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF0680 Relevance: 1.8, Strings: 1, Instructions: 525COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Strings
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID: 8^ql
                                                                                                                                                • API String ID: 0-14248236
                                                                                                                                                • Opcode ID: 043e9b175f0de4eb9473ab3317fe32a59265aef0c723f23e44148c965e991dc6
                                                                                                                                                • Instruction ID: c5f123ad89f7bb059e34f3464249436a6ec834c24000ba6ea5bfa7fb9f948824
                                                                                                                                                • Opcode Fuzzy Hash: 043e9b175f0de4eb9473ab3317fe32a59265aef0c723f23e44148c965e991dc6
                                                                                                                                                • Instruction Fuzzy Hash: 7742DF74E05228CFDB64DF64C954BEEBBB2AB89304F1090E9D50AAB391DB355E85CF40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFD1E0 Relevance: .7, Instructions: 657COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: adc1a4d5fbc09a5eed1aa4bcea59aa8bd527d5d029b9c2dc8e6285b461689cba
                                                                                                                                                • Instruction ID: 626080bb5de28bb9476d22ee21f54ce91d4f451f1cdccc056b472451a590c7ce
                                                                                                                                                • Opcode Fuzzy Hash: adc1a4d5fbc09a5eed1aa4bcea59aa8bd527d5d029b9c2dc8e6285b461689cba
                                                                                                                                                • Instruction Fuzzy Hash: 96629E74A052288FDB64DF64C994BEDBBB2BF89304F1091EAD509AB351DB319E85CF40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF1990 Relevance: .5, Instructions: 496COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 2485e5497a47078345d104d77500932d8bcaefc04e90454adc43f0d9b9d40d13
                                                                                                                                                • Instruction ID: 66121e391fd77707abe0ffee196ba831c1ee30df7626425c3c21ed0466dcc692
                                                                                                                                                • Opcode Fuzzy Hash: 2485e5497a47078345d104d77500932d8bcaefc04e90454adc43f0d9b9d40d13
                                                                                                                                                • Instruction Fuzzy Hash: CF32D170E05228CFDB68DF64C854BDEB7B2AF89304F1091E9C109AB295DB359E85CF91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 04E353B0 Relevance: .4, Instructions: 425COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.376712687.0000000004E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E30000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_4e30000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a882317a63cec4c33941f5943654c27de61ad14ecf1e4e82aa8e0f5240f8531e
                                                                                                                                                • Instruction ID: be1ee685e5e6100fad49b9607ade3d50006b3cef70dcc1417b6c62f6dab3adbc
                                                                                                                                                • Opcode Fuzzy Hash: a882317a63cec4c33941f5943654c27de61ad14ecf1e4e82aa8e0f5240f8531e
                                                                                                                                                • Instruction Fuzzy Hash: BAE17E303006159FD718DF79C494A6AB7AAEFC8319F118568D60ACBBA1DF34EC42CB91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF12F0 Relevance: .3, Instructions: 286COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 2f2942f31fd9bf2c770f82b297b8e2028d8e0466a682b9526e0629995e5c9889
                                                                                                                                                • Instruction ID: f2473e8680ecd33dbc7ba5c0d5b192cf351bf388d375dd1bfc273bc46b8291e0
                                                                                                                                                • Opcode Fuzzy Hash: 2f2942f31fd9bf2c770f82b297b8e2028d8e0466a682b9526e0629995e5c9889
                                                                                                                                                • Instruction Fuzzy Hash: 8CD1CE74E01218CFDB64DFA5C994B9DBBB2BF89304F1090AAD409A7395DB355D85CF10
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF9918 Relevance: .3, Instructions: 268COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 636cdd22acff088aff11a4203911ae75ea8c54e3fac0b34ad5f2244b46c756f9
                                                                                                                                                • Instruction ID: 6f3d2340ce6ef2aca457956bc3ea82e6ac7a8b3cadfc8fe3b80d279891bcfb11
                                                                                                                                                • Opcode Fuzzy Hash: 636cdd22acff088aff11a4203911ae75ea8c54e3fac0b34ad5f2244b46c756f9
                                                                                                                                                • Instruction Fuzzy Hash: 26D1FA31D2065A8ACB04EB64D994ADDB7B1FFD6300F508B9AE1097B225EF706AD4CF41
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF9928 Relevance: .3, Instructions: 264COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 99a3ef7c75da4d378eff376e29ad09955751dfd395d55fb9bd2165edee47edb9
                                                                                                                                                • Instruction ID: 9ef7b64de8d6e0016c5a425cffee63fc6d303029e86ad0d941a82f038cd33419
                                                                                                                                                • Opcode Fuzzy Hash: 99a3ef7c75da4d378eff376e29ad09955751dfd395d55fb9bd2165edee47edb9
                                                                                                                                                • Instruction Fuzzy Hash: 13D1E931D2065A8ACB04EB64D994ADDB7B1FFD6300F508B9AE1097B225EF706AD4CF41
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF3078 Relevance: .2, Instructions: 247COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 8b4630aae964524c776b679821cf5927b4014d1922c87191cfdb4b716127e29d
                                                                                                                                                • Instruction ID: 597d89531114c1908695f90dd969cf62c9c5d83c1189e2fd397969295578fa61
                                                                                                                                                • Opcode Fuzzy Hash: 8b4630aae964524c776b679821cf5927b4014d1922c87191cfdb4b716127e29d
                                                                                                                                                • Instruction Fuzzy Hash: 9DB1E474E01218CFDB68DFA4C894ADDBBB2BF89304F6090A9C109AB355DB359D85CF41
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF0006 Relevance: .2, Instructions: 245COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 89d42d8a96d2b2215f295396b7bff7072238608200a3ccede287c4dd1311e2ff
                                                                                                                                                • Instruction ID: 743bc8809c3d35cd34e42cafd347cd579b6f073137ab63eba1c3e42bac5b17e3
                                                                                                                                                • Opcode Fuzzy Hash: 89d42d8a96d2b2215f295396b7bff7072238608200a3ccede287c4dd1311e2ff
                                                                                                                                                • Instruction Fuzzy Hash: C4B11630E052688FDB24DFA4C854BDEBBB2BF89304F1081AAD509AB395DB355E85CF51
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF3D6F Relevance: .2, Instructions: 227COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: a312686016fc0b266568d9f98965a35c18ed4bc78844368ab870b6b3d7fb166b
                                                                                                                                                • Instruction ID: c719f77d0718d3a34a2b05786029fc643d204ae23324f6b6bacdc8c912ab01b5
                                                                                                                                                • Opcode Fuzzy Hash: a312686016fc0b266568d9f98965a35c18ed4bc78844368ab870b6b3d7fb166b
                                                                                                                                                • Instruction Fuzzy Hash: 4681DC31A24308DFCB45DFA9D850ADEBBB5EF89300F00912AE215EB291EB319955CF91
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF24C8 Relevance: .2, Instructions: 203COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: c297fc7ceec61fa693724d5ab33005a669ad175c069f1e60396cb79ed60403e7
                                                                                                                                                • Instruction ID: 7a24f37770efd90b068eaecbe9533cd9aa782e78598e817c18514274ebc5eacd
                                                                                                                                                • Opcode Fuzzy Hash: c297fc7ceec61fa693724d5ab33005a669ad175c069f1e60396cb79ed60403e7
                                                                                                                                                • Instruction Fuzzy Hash: EA91E374E11218CFDB58DFA5D484ADCBBB2FF89305F208069E509AB354DB359982CF00
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF1982 Relevance: .1, Instructions: 147COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: bb0c458ba7a073b2a9494d0db2df035fe4f2c39e50fbc8984ffb6471db26c76c
                                                                                                                                                • Instruction ID: 68656313f764f16dc77d17a1bc795abfb765e31aca4842efc78bcc3709cd3755
                                                                                                                                                • Opcode Fuzzy Hash: bb0c458ba7a073b2a9494d0db2df035fe4f2c39e50fbc8984ffb6471db26c76c
                                                                                                                                                • Instruction Fuzzy Hash: 71511270E052188FDB18DF65C991BDEBBB2BF89304F1091A9C509AB2A1DB309E85CF41
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFBE6A Relevance: .1, Instructions: 132COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 5bc370ed880f296a53877b291c9e9354ee0aa814847c03e33859a0e0c56ad2b5
                                                                                                                                                • Instruction ID: 0abb5bc95c5ea061b490618f252cc42c04d81d88fac9e9f51d6088fcb615bec3
                                                                                                                                                • Opcode Fuzzy Hash: 5bc370ed880f296a53877b291c9e9354ee0aa814847c03e33859a0e0c56ad2b5
                                                                                                                                                • Instruction Fuzzy Hash: 9E51D174E0120CCFCB18DFA5D994AEEBBB2AF89304F20912AD515BB354DB345946CF41
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EFBE78 Relevance: .1, Instructions: 128COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 6c1d66cee5a9184e3a87733ad95c6db1830e417b456e06344b1edcb9488078e4
                                                                                                                                                • Instruction ID: 6b479c3de0aaa58181876cf2be85cd15034594771eba99d4308939b3d7fd249f
                                                                                                                                                • Opcode Fuzzy Hash: 6c1d66cee5a9184e3a87733ad95c6db1830e417b456e06344b1edcb9488078e4
                                                                                                                                                • Instruction Fuzzy Hash: 7B51C074E0120CDFCB18DFE9D954AEEBBB2AF89304F20912AD519AB394DB345946CF41
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF12E2 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 53a831245dece0c9ccd11d293b8e9e74828f2a9af0a6f720300e96e23fcdddf8
                                                                                                                                                • Instruction ID: 77b60a09b81f0bbef63293027435d8cf362ce5ec121e42eb2062397413b95511
                                                                                                                                                • Opcode Fuzzy Hash: 53a831245dece0c9ccd11d293b8e9e74828f2a9af0a6f720300e96e23fcdddf8
                                                                                                                                                • Instruction Fuzzy Hash: A831E270D01208CBEB18CFAAD9546DEBAB6BFC9304F14D02AD509BB2A4EB741905CB40
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                Function 06EF0F68 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                Download Yara Rule
                                                                                                                                                Memory Dump Source
                                                                                                                                                • Source File: 00000000.00000002.379911454.0000000006EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EF0000, based on PE: false
                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                • Snapshot File: hcaresult_0_2_6ef0000_t1hz2L221F.jbxd
                                                                                                                                                Similarity
                                                                                                                                                • API ID:
                                                                                                                                                • String ID:
                                                                                                                                                • API String ID:
                                                                                                                                                • Opcode ID: 1a7725779b110d8ca934de4452a6d3ffe94008605382e3371e1be3155ea52ea1
                                                                                                                                                • Instruction ID: d50a67f75d1165f97e72a296a1e7fd318aacf7cc9b524db0a811ea5a97677893
                                                                                                                                                • Opcode Fuzzy Hash: 1a7725779b110d8ca934de4452a6d3ffe94008605382e3371e1be3155ea52ea1
                                                                                                                                                • Instruction Fuzzy Hash: 77E09270C6230ACFE7A0CFA0C5317FEFAB06B41208F206409C50177652CB7886448FA9
                                                                                                                                                Uniqueness

                                                                                                                                                Uniqueness Score: -1.00%