Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
Analysis ID: 1466065
MD5: 176e08f8643cf5353e64a695d9a905a4
SHA1: c7c25b4700237c03f1d35ee203309c126654da59
SHA256: d19b5a1575fa5271b9888b4cfeaefa97501a6937a9a97bef8adeaf85a619ed6e
Tags: exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe (PID: 3868 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe" MD5: 176E08F8643CF5353E64A695D9A905A4)
    • powershell.exe (PID: 7204 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7376 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe (PID: 7256 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe" MD5: 176E08F8643CF5353E64A695D9A905A4)
      • WerFault.exe (PID: 7832 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 200 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
Source: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Author: unknown, Strings:
  • 0x2db33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17242:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe PID: 3868, Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Author: Joe Security

Source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.unpack, Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Author: unknown, Strings:
  • 0x2cd33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16442:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.raw.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.raw.unpack, Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Author: unknown, Strings:
  • 0x2db33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17242:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

          System Summary

          Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, ParentProcessId: 3868, ParentProcessName: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe", ProcessId: 7204, ProcessName: powershell.exe
          Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, ParentProcessId: 3868, ParentProcessName: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe", ProcessId: 7204, ProcessName: powershell.exe
          No Snort rule has matched

          AV Detection

          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, ReversingLabs: Detection: 44%
          Source: Yara match, File source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, Joe Sandbox ML: detected
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp

          E-Banking Fraud

          Source: Yara match, File source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.7490000.4.raw.unpack, -Module-.cs, Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, Code function (native API):
            • 6_2_0042B043: NtClose
            • 6_2_01252DF0: NtQuerySystemInformation, LdrInitializeThunk
            • 6_2_01254340: NtSetContextThread
            • 6_2_01254650: NtSuspendThread
            • 6_2_01252B60: NtClose
            • 6_2_01252BA0: NtEnumerateValueKey
            • 6_2_01252B80: NtQueryInformationFile
            • 6_2_01252BE0: NtQueryValueKey
            • 6_2_01252BF0: NtAllocateVirtualMemory
            • 6_2_01252AB0: NtWaitForSingleObject
            • 6_2_01252AF0: NtWriteFile
            • 6_2_01252AD0: NtReadFile
            • 6_2_01252D30: NtUnmapViewOfSection
            • 6_2_01252D00: NtSetInformationFile
            • 6_2_01252D10: NtMapViewOfSection
            • 6_2_01252DB0: NtEnumerateKey
            • 6_2_01252DD0: NtDelayExecution
            • 6_2_01252C00: NtQueryInformationProcess
            • 6_2_01252C60: NtCreateKey
            • 6_2_01252C70: NtFreeVirtualMemory
            • 6_2_01252CA0: NtQueryInformationToken
            • 6_2_01252CF0: NtOpenProcess
            • 6_2_01252CC0: NtQueryVirtualMemory
            • 6_2_01252F30: NtCreateSection
            • 6_2_01252F60: NtCreateProcessEx
            • 6_2_01252FA0: NtQuerySection
            • 6_2_01252FB0: NtResumeThread
            • 6_2_01252F90: NtProtectVirtualMemory
            • 6_2_01252FE0: NtCreateFile
            • 6_2_01252E30: NtWriteVirtualMemory
            • 6_2_01252EA0: NtAdjustPrivilegesToken
            • 6_2_01252E80: NtReadVirtualMemory
            • 6_2_01252EE0: NtQueueApcThread
            • 6_2_01253010: NtOpenDirectoryObject
            • 6_2_01253090: NtSetValueKey
            • 6_2_012535C0: NtCreateMutant
            • 6_2_012539B0: NtGetContextThread
            • 6_2_01253D10: NtOpenProcessToken
            • 6_2_01253D70: NtOpenThread
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0120D34C6_2_0120D34C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0126739A6_2_0126739A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012252A06_2_012252A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C12ED6_2_012C12ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123B2C06_2_0123B2C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012D75716_2_012D7571
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012BD5B06_2_012BD5B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012E95C36_2_012E95C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012DF43F6_2_012DF43F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012114606_2_01211460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012DF7B06_2_012DF7B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012656306_2_01265630
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012D16CC6_2_012D16CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012B59106_2_012B5910
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012299506_2_01229950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123B9506_2_0123B950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0128D8006_2_0128D800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012238E06_2_012238E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012DFB766_2_012DFB76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123FB806_2_0123FB80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01295BF06_2_01295BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0125DBF96_2_0125DBF9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01293A6C6_2_01293A6C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012DFA496_2_012DFA49
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012D7A466_2_012D7A46
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01265AA06_2_01265AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012BDAAC6_2_012BDAAC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C1AA36_2_012C1AA3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012CDAC66_2_012CDAC6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012D7D736_2_012D7D73
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01223D406_2_01223D40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012D1D5A6_2_012D1D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123FDC06_2_0123FDC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01299C326_2_01299C32
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012DFCF26_2_012DFCF2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012DFF096_2_012DFF09
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012DFFB16_2_012DFFB1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01221F926_2_01221F92
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_011E3FD56_2_011E3FD5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_011E3FD26_2_011E3FD2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01229EB06_2_01229EB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: String function: 0129F290 appears 105 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: String function: 01267E54 appears 108 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: String function: 01255130 appears 58 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: String function: 0120B970 appears 265 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: String function: 0128EA12 appears 86 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 200
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, 00000000.00000002.1717698137.000000000456E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, 00000000.00000002.1716472791.0000000000D5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, 00000000.00000002.1730590366.0000000007490000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRT.dll. vs SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, 00000006.00000002.2042820303.000000000130D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeBinary or memory string: OriginalFilenameLkvr.exe0 vs SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.4817000.2.raw.unpack, ndga1A46pUPoxEYOxN.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.47933e0.1.raw.unpack, FX7Cr12UkR2le7xQAU.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.47933e0.1.raw.unpack, FX7Cr12UkR2le7xQAU.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.47933e0.1.raw.unpack, FX7Cr12UkR2le7xQAU.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.4817000.2.raw.unpack, FX7Cr12UkR2le7xQAU.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.4817000.2.raw.unpack, FX7Cr12UkR2le7xQAU.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.4817000.2.raw.unpack, FX7Cr12UkR2le7xQAU.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.47933e0.1.raw.unpack, ndga1A46pUPoxEYOxN.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: classification engineClassification label: mal100.troj.evad.winEXE@12/11@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.log
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7256
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7212:120:WilError_03
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kwsfdi3j.jtu.ps1
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe File read: C:\Users\user\Desktop\desktop.ini
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeReversingLabs: Detection: 44%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 200
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Sections loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, windowscodecs.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Sections loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, amsi.dll, userenv.dll, profapi.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll
          Source: C:\Windows\System32\wbem\WmiPrvSE.exe Sections loaded: fastprox.dll, ncobjapi.dll, wbemcomn.dll, kernel.appcore.dll, mpclient.dll, userenv.dll, version.dll, msasn1.dll, wmitomi.dll, mi.dll, miutils.dll, gpapi.dll
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe, 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp

          Data Obfuscation

          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.7490000.4.raw.unpack, -Module-.cs.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.7490000.4.raw.unpack, PingPong.cs.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.47933e0.1.raw.unpack, FX7Cr12UkR2le7xQAU.cs.Net Code: vjIbJfRKHM System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.4817000.2.raw.unpack, FX7Cr12UkR2le7xQAU.cs.Net Code: vjIbJfRKHM System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 0_2_07567D11 push es; retn 0004h0_2_07567D12
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 0_2_07567D97 push es; retn 0004h 0_2_07567D9A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 0_2_075604DC pushad ; ret 0_2_075604DD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 0_2_07567CC8 push es; retn 0004h 0_2_07567CCA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 0_2_0756A221 push ds; retn 0004h 0_2_0756A222
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 0_2_0756A1E1 push ds; retn 0004h 0_2_0756A1E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0041893B push esp; ret 6_2_0041894E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_00403250 push eax; ret 6_2_00403252
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0040B2D4 pushad ; iretd 6_2_0040B2DC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0040CB57 push esi; ret 6_2_0040CB58
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0040750C push 4EACA0F1h; retf 6_2_00407511
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0040165A push eax; iretd 6_2_0040165E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0040A60E push eax; ret 6_2_0040A60F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_00401EE0 pushad ; ret 6_2_00401EF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_00415F43 push edx; retf 6_2_00415F90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0041870B pushfd ; iretd 6_2_0041870D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_011E225F pushad ; ret 6_2_011E27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_011E27FA pushad ; ret 6_2_011E27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012109AD push ecx; mov dword ptr [esp], ecx 6_2_012109B6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_011E283D push eax; iretd 6_2_011E2858
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_011E1368 push eax; iretd 6_2_011E1369
          Source: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Static PE information: section name: .text entropy: 7.9832260426734205
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.47933e0.1.raw.unpack, LxnB925r4WHKmko0Vx.cs High entropy of concatenated method names

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe PID: 3868, type: MEMORYSTR
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: 2A10000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: 2B90000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: 4B90000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: 78B0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: 88B0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: 8A60000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: 9A60000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: 9DB0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: ADB0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: BDB0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: CDB0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: DDB0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: EDB0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: F440000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0125096E rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5506
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2044
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe API coverage: 0.3 %
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe TID: 4144 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7344 Thread sleep time: -2767011611056431s >= -30000s
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7332 Thread sleep time: -922337203685477s >= -30000s
          Source: Amcache.hve.13.dr Binary or memory string: VMware
          Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual USB Mouse
          Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin
          Source: Amcache.hve.13.dr Binary or memory string: VMware, Inc.
          Source: Amcache.hve.13.dr Binary or memory string: VMware20,1hbin@
          Source: Amcache.hve.13.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: Amcache.hve.13.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.13.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.13.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.13.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: Amcache.hve.13.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.13.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.13.dr Binary or memory string: vmci.sys
          Source: Amcache.hve.13.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
          Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin`
          Source: Amcache.hve.13.dr Binary or memory string: \driver\vmci,\driver\pci
          Source: Amcache.hve.13.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.13.dr Binary or memory string: VMware20,1
          Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.13.dr Binary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Amcache.hve.13.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: Amcache.hve.13.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.13.dr Binary or memory string: VMware PCI VMCI Bus Device
          Source: Amcache.hve.13.dr Binary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual RAM
          Source: Amcache.hve.13.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: Amcache.hve.13.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0125096E rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_01252DF0 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_01240124 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012BE10E mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012BE10E mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012BA118 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012BA118 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012D0115 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012E4164 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012A4144 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012A4144 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012A8158 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_01216154 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0120C156 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_01250185 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012CC188 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012B4180 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0129019F mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0120A197 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012E61E5 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012401F8 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012D61C3 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0128E1D0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0128E1D0 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0120A020 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0120C020 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012A6030 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_01294000 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012B2000 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0122E016 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0123C073 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_01212050 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_01296050 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012080A0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012A80A8 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012D60B8 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012D60B8 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0121208A mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0120A0E3 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012180E9 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012960E0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0120C0F0 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012520F0 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012920DE mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012E8324 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012E8324 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0124A30B mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_0120C310 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_01230310 mov ecx, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_012B437C mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Code function: 6_2_01292349 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01292349 mov eax, dword ptr fs:[00000030h]6_2_01292349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01292349 mov eax, dword ptr fs:[00000030h]6_2_01292349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012E634F mov eax, dword ptr fs:[00000030h]6_2_012E634F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0129035C mov eax, dword ptr fs:[00000030h]6_2_0129035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0129035C mov eax, dword ptr fs:[00000030h]6_2_0129035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0129035C mov eax, dword ptr fs:[00000030h]6_2_0129035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0129035C mov ecx, dword ptr fs:[00000030h]6_2_0129035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0129035C mov eax, dword ptr fs:[00000030h]6_2_0129035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0129035C mov eax, dword ptr fs:[00000030h]6_2_0129035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012B8350 mov ecx, dword ptr fs:[00000030h]6_2_012B8350
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012DA352 mov eax, dword ptr fs:[00000030h]6_2_012DA352
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0120E388 mov eax, dword ptr fs:[00000030h]6_2_0120E388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0120E388 mov eax, dword ptr fs:[00000030h]6_2_0120E388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0120E388 mov eax, dword ptr fs:[00000030h]6_2_0120E388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123438F mov eax, dword ptr fs:[00000030h]6_2_0123438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123438F mov eax, dword ptr fs:[00000030h]6_2_0123438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01208397 mov eax, dword ptr fs:[00000030h]6_2_01208397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01208397 mov eax, dword ptr fs:[00000030h]6_2_01208397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01208397 mov eax, dword ptr fs:[00000030h]6_2_01208397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012203E9 mov eax, dword ptr fs:[00000030h]6_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012203E9 mov eax, dword ptr fs:[00000030h]6_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012203E9 mov eax, dword ptr fs:[00000030h]6_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012203E9 mov eax, dword ptr fs:[00000030h]6_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012203E9 mov eax, dword ptr fs:[00000030h]6_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012203E9 mov eax, dword ptr fs:[00000030h]6_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012203E9 mov eax, dword ptr fs:[00000030h]6_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012203E9 mov eax, dword ptr fs:[00000030h]6_2_012203E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0122E3F0 mov eax, dword ptr fs:[00000030h]6_2_0122E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0122E3F0 mov eax, dword ptr fs:[00000030h]6_2_0122E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0122E3F0 mov eax, dword ptr fs:[00000030h]6_2_0122E3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012463FF mov eax, dword ptr fs:[00000030h]6_2_012463FF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012CC3CD mov eax, dword ptr fs:[00000030h]6_2_012CC3CD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0121A3C0 mov eax, dword ptr fs:[00000030h]6_2_0121A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0121A3C0 mov eax, dword ptr fs:[00000030h]6_2_0121A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0121A3C0 mov eax, dword ptr fs:[00000030h]6_2_0121A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0121A3C0 mov eax, dword ptr fs:[00000030h]6_2_0121A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0121A3C0 mov eax, dword ptr fs:[00000030h]6_2_0121A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0121A3C0 mov eax, dword ptr fs:[00000030h]6_2_0121A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012183C0 mov eax, dword ptr fs:[00000030h]6_2_012183C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012183C0 mov eax, dword ptr fs:[00000030h]6_2_012183C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012183C0 mov eax, dword ptr fs:[00000030h]6_2_012183C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012183C0 mov eax, dword ptr fs:[00000030h]6_2_012183C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012963C0 mov eax, dword ptr fs:[00000030h]6_2_012963C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012BE3DB mov eax, dword ptr fs:[00000030h]6_2_012BE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012BE3DB mov eax, dword ptr fs:[00000030h]6_2_012BE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012BE3DB mov ecx, dword ptr fs:[00000030h]6_2_012BE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012BE3DB mov eax, dword ptr fs:[00000030h]6_2_012BE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012B43D4 mov eax, dword ptr fs:[00000030h]6_2_012B43D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012B43D4 mov eax, dword ptr fs:[00000030h]6_2_012B43D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0120823B mov eax, dword ptr fs:[00000030h]6_2_0120823B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01214260 mov eax, dword ptr fs:[00000030h]6_2_01214260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01214260 mov eax, dword ptr fs:[00000030h]6_2_01214260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01214260 mov eax, dword ptr fs:[00000030h]6_2_01214260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0120826B mov eax, dword ptr fs:[00000030h]6_2_0120826B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C0274 mov eax, dword ptr fs:[00000030h]6_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C0274 mov eax, dword ptr fs:[00000030h]6_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C0274 mov eax, dword ptr fs:[00000030h]6_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C0274 mov eax, dword ptr fs:[00000030h]6_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C0274 mov eax, dword ptr fs:[00000030h]6_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C0274 mov eax, dword ptr fs:[00000030h]6_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C0274 mov eax, dword ptr fs:[00000030h]6_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C0274 mov eax, dword ptr fs:[00000030h]6_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C0274 mov eax, dword ptr fs:[00000030h]6_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C0274 mov eax, dword ptr fs:[00000030h]6_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C0274 mov eax, dword ptr fs:[00000030h]6_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012C0274 mov eax, dword ptr fs:[00000030h]6_2_012C0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01298243 mov eax, dword ptr fs:[00000030h]6_2_01298243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01298243 mov ecx, dword ptr fs:[00000030h]6_2_01298243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0120A250 mov eax, dword ptr fs:[00000030h]6_2_0120A250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012E625D mov eax, dword ptr fs:[00000030h]6_2_012E625D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01216259 mov eax, dword ptr fs:[00000030h]6_2_01216259
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012CA250 mov eax, dword ptr fs:[00000030h]6_2_012CA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012CA250 mov eax, dword ptr fs:[00000030h]6_2_012CA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012202A0 mov eax, dword ptr fs:[00000030h]6_2_012202A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012202A0 mov eax, dword ptr fs:[00000030h]6_2_012202A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012A62A0 mov eax, dword ptr fs:[00000030h]6_2_012A62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012A62A0 mov ecx, dword ptr fs:[00000030h]6_2_012A62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012A62A0 mov eax, dword ptr fs:[00000030h]6_2_012A62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012A62A0 mov eax, dword ptr fs:[00000030h]6_2_012A62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012A62A0 mov eax, dword ptr fs:[00000030h]6_2_012A62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012A62A0 mov eax, dword ptr fs:[00000030h]6_2_012A62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E284 mov eax, dword ptr fs:[00000030h]6_2_0124E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E284 mov eax, dword ptr fs:[00000030h]6_2_0124E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01290283 mov eax, dword ptr fs:[00000030h]6_2_01290283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01290283 mov eax, dword ptr fs:[00000030h]6_2_01290283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01290283 mov eax, dword ptr fs:[00000030h]6_2_01290283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012202E1 mov eax, dword ptr fs:[00000030h]6_2_012202E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012202E1 mov eax, dword ptr fs:[00000030h]6_2_012202E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012202E1 mov eax, dword ptr fs:[00000030h]6_2_012202E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0121A2C3 mov eax, dword ptr fs:[00000030h]6_2_0121A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0121A2C3 mov eax, dword ptr fs:[00000030h]6_2_0121A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0121A2C3 mov eax, dword ptr fs:[00000030h]6_2_0121A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0121A2C3 mov eax, dword ptr fs:[00000030h]6_2_0121A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0121A2C3 mov eax, dword ptr fs:[00000030h]6_2_0121A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012E62D6 mov eax, dword ptr fs:[00000030h]6_2_012E62D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01220535 mov eax, dword ptr fs:[00000030h]6_2_01220535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01220535 mov eax, dword ptr fs:[00000030h]6_2_01220535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01220535 mov eax, dword ptr fs:[00000030h]6_2_01220535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01220535 mov eax, dword ptr fs:[00000030h]6_2_01220535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01220535 mov eax, dword ptr fs:[00000030h]6_2_01220535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01220535 mov eax, dword ptr fs:[00000030h]6_2_01220535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E53E mov eax, dword ptr fs:[00000030h]6_2_0123E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E53E mov eax, dword ptr fs:[00000030h]6_2_0123E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E53E mov eax, dword ptr fs:[00000030h]6_2_0123E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E53E mov eax, dword ptr fs:[00000030h]6_2_0123E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E53E mov eax, dword ptr fs:[00000030h]6_2_0123E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012A6500 mov eax, dword ptr fs:[00000030h]6_2_012A6500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012E4500 mov eax, dword ptr fs:[00000030h]6_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012E4500 mov eax, dword ptr fs:[00000030h]6_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012E4500 mov eax, dword ptr fs:[00000030h]6_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012E4500 mov eax, dword ptr fs:[00000030h]6_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012E4500 mov eax, dword ptr fs:[00000030h]6_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012E4500 mov eax, dword ptr fs:[00000030h]6_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012E4500 mov eax, dword ptr fs:[00000030h]6_2_012E4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124656A mov eax, dword ptr fs:[00000030h]6_2_0124656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124656A mov eax, dword ptr fs:[00000030h]6_2_0124656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124656A mov eax, dword ptr fs:[00000030h]6_2_0124656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01218550 mov eax, dword ptr fs:[00000030h]6_2_01218550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01218550 mov eax, dword ptr fs:[00000030h]6_2_01218550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012905A7 mov eax, dword ptr fs:[00000030h]6_2_012905A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012905A7 mov eax, dword ptr fs:[00000030h]6_2_012905A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012905A7 mov eax, dword ptr fs:[00000030h]6_2_012905A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012345B1 mov eax, dword ptr fs:[00000030h]6_2_012345B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012345B1 mov eax, dword ptr fs:[00000030h]6_2_012345B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01212582 mov eax, dword ptr fs:[00000030h]6_2_01212582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01212582 mov ecx, dword ptr fs:[00000030h]6_2_01212582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01244588 mov eax, dword ptr fs:[00000030h]6_2_01244588
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E59C mov eax, dword ptr fs:[00000030h]6_2_0124E59C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012125E0 mov eax, dword ptr fs:[00000030h]6_2_012125E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E5E7 mov eax, dword ptr fs:[00000030h]6_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E5E7 mov eax, dword ptr fs:[00000030h]6_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E5E7 mov eax, dword ptr fs:[00000030h]6_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E5E7 mov eax, dword ptr fs:[00000030h]6_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E5E7 mov eax, dword ptr fs:[00000030h]6_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E5E7 mov eax, dword ptr fs:[00000030h]6_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E5E7 mov eax, dword ptr fs:[00000030h]6_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123E5E7 mov eax, dword ptr fs:[00000030h]6_2_0123E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124C5ED mov eax, dword ptr fs:[00000030h]6_2_0124C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124C5ED mov eax, dword ptr fs:[00000030h]6_2_0124C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E5CF mov eax, dword ptr fs:[00000030h]6_2_0124E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E5CF mov eax, dword ptr fs:[00000030h]6_2_0124E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012165D0 mov eax, dword ptr fs:[00000030h]6_2_012165D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124A5D0 mov eax, dword ptr fs:[00000030h]6_2_0124A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124A5D0 mov eax, dword ptr fs:[00000030h]6_2_0124A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0120E420 mov eax, dword ptr fs:[00000030h]6_2_0120E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0120E420 mov eax, dword ptr fs:[00000030h]6_2_0120E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0120E420 mov eax, dword ptr fs:[00000030h]6_2_0120E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0120C427 mov eax, dword ptr fs:[00000030h]6_2_0120C427
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01296420 mov eax, dword ptr fs:[00000030h]6_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01296420 mov eax, dword ptr fs:[00000030h]6_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01296420 mov eax, dword ptr fs:[00000030h]6_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01296420 mov eax, dword ptr fs:[00000030h]6_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01296420 mov eax, dword ptr fs:[00000030h]6_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01296420 mov eax, dword ptr fs:[00000030h]6_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01296420 mov eax, dword ptr fs:[00000030h]6_2_01296420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124A430 mov eax, dword ptr fs:[00000030h]6_2_0124A430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01248402 mov eax, dword ptr fs:[00000030h]6_2_01248402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01248402 mov eax, dword ptr fs:[00000030h]6_2_01248402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_01248402 mov eax, dword ptr fs:[00000030h]6_2_01248402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0129C460 mov ecx, dword ptr fs:[00000030h]6_2_0129C460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123A470 mov eax, dword ptr fs:[00000030h]6_2_0123A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123A470 mov eax, dword ptr fs:[00000030h]6_2_0123A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123A470 mov eax, dword ptr fs:[00000030h]6_2_0123A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E443 mov eax, dword ptr fs:[00000030h]6_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E443 mov eax, dword ptr fs:[00000030h]6_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E443 mov eax, dword ptr fs:[00000030h]6_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E443 mov eax, dword ptr fs:[00000030h]6_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E443 mov eax, dword ptr fs:[00000030h]6_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E443 mov eax, dword ptr fs:[00000030h]6_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E443 mov eax, dword ptr fs:[00000030h]6_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0124E443 mov eax, dword ptr fs:[00000030h]6_2_0124E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0123245A mov eax, dword ptr fs:[00000030h]6_2_0123245A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_012CA456 mov eax, dword ptr fs:[00000030h]6_2_012CA456
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeCode function: 6_2_0121EA80 mov eax, dword ptr fs:[00000030h]6_2_0121EA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: Amcache.hve.13.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.13.dr Binary or memory string: msmpeng.exe
          Source: Amcache.hve.13.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.13.dr Binary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          Source: Yara match File source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match File source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 6.2.SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 31 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          [Behavior graph. Behavior Graph ID: 1466065; Sample: SecuriteInfo.com.Win32.PWSX...; Startdate: 02/07/2024; Architecture: WINDOWS; Score: 100. Signatures: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Yara detected FormBook; 6 other signatures. Process tree: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe (dropped SecuriteInfo.com.W...20996.20747.exe.log, ASCII; Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes) started powershell.exe and three further SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe processes; powershell.exe (Loading BitLocker PowerShell Module) started WmiPrvSE.exe and conhost.exe; one of the child sample processes started WerFault.exe.]

          Source | Detection | Scanner | Label | Link
          SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe | 45% | ReversingLabs | Win32.Trojan.Generic |
          SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe | 100% | Joe Sandbox ML | |
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
          No contacted domains info
          No contacted IP infos
          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1466065
          Start date and time:2024-07-02 13:51:05 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 6m 47s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:16
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@12/11@0/0
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 97%
          • Number of executed functions: 44
          • Number of non-executed functions: 275
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 52.168.117.173
          • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes were analyzed, report is missing behavior information
          • Report size getting too big, too many NtCreateKey calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • VT rate limit hit for: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          Time | Type | Description
          07:51:59 | API Interceptor | 1x Sleep call for process: SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe modified
          07:52:00 | API Interceptor | 16x Sleep call for process: powershell.exe modified
          07:52:32 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
          No context
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.665362558987793
          Encrypted:false
          SSDEEP:96:L3NFfWdj2ano1Is9KFyn9Q/yafQQXIDcQvc6QcEVcw3cE/CJM+HbHsZAX/d5FMTB:BydiIh0BU/QjlzuiFZZ24IO8x
          MD5:D198619A2B541934FE9F6C73031AD9A0
          SHA1:8039D1BFBF6794B5B4FF54DE00DB4CADB59FA588
          SHA-256:D67CCBA33EBD99E1E1BF4C3DA8DD7591E53F0FE31CDBC8FB88AD2E01E6B2E5DF
          SHA-512:F78D51D1F975DD5E2DCD04562E9342665F009AD1AB4606DD10B94BE75C76BCC6EFC1987047825404B66397FE13345365FE1553FE61D72D3644C3765333775A36
          Malicious:false
          Reputation:low
          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.4.3.9.4.7.4.1.6.1.9.9.6.9.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.4.3.9.4.7.4.2.0.5.7.4.6.3.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.1.5.9.0.f.d.d.-.3.a.8.c.-.4.7.1.d.-.9.2.6.4.-.b.2.5.7.6.0.3.d.8.d.d.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.5.0.8.a.f.8.7.-.4.e.e.a.-.4.3.8.9.-.8.1.3.9.-.9.9.0.c.9.6.0.f.e.f.9.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.3.2...P.W.S.X.-.g.e.n...2.0.9.9.6...2.0.7.4.7...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.k.v.r...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.5.8.-.0.0.0.1.-.0.0.1.4.-.2.8.b.0.-.6.c.3.f.7.6.c.c.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.6.d.4.4.0.1.6.c.d.3.5.3.e.9.0.7.3.b.3.e.1.0.1.1.e.f.6.8.a.c.6.0.0.0.0.0.0.0.0.!.0.0.0.0.c.7.c.2.5.b.
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Mini DuMP crash report, 14 streams, Tue Jul 2 11:52:21 2024, 0x1205a4 type
          Category:dropped
          Size (bytes):24238
          Entropy (8bit):1.7840155123173165
          Encrypted:false
          SSDEEP:96:5On8s7flXDUL6Y7i8DWeAlYjdHi75dYgal4dpcTXl/CpuAsP2vStyESBWIkWI8Tn:JUlgmypCytO5Al4dpcTXl/nA9dE/QsO
          MD5:7A7D24842DB55EA4CB1FEA9DFCEB298C
          SHA1:FD8F712E75BF94468EF67CBE609DF7C97549F342
          SHA-256:B2BD34F7B37F461C84207FC717F96D7309F2BF4AE1C68E5BE27930A91021AEF9
          SHA-512:D187088981F7592A5AA817D22065AD2E05464E80D24F07E9AA6A1BEF99C3FFCE0ECBDC4FFADD979EA0081DB2E1D1286583183D4BDE199A83B2778BB6C6F0706C
          Malicious:false
          Reputation:low
          Preview:MDMP..a..... .........f............4...............<.......t...(...........T.......8...........T...........0...~V......................................................................................................eJ......L.......GenuineIntel............T.......X.....f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):6486
          Entropy (8bit):3.726639904166397
          Encrypted:false
          SSDEEP:96:RSIU6o7wVetblIs6Y7SwYoL3PuQE/b7o5aM4Ur89bHCsfUWGNm:R6l7wVeJ6s6YHYbIprr89bHCsfCNm
          MD5:2CABB34B19F15EC58BA6FFC57490324A
          SHA1:487999B56727FF4A136056F2F2EFFB8024A117A3
          SHA-256:AFC1528EA31F1677B3C4C4C3C598CDC74EA9930377D5C8E3AEFAC9407A52F02F
          SHA-512:8D99B81395EFF19D639D2A55F8705627B25093ECDA608791FD6F7C7251907A06C49D229D7373D662A7E11A685A663986D033CCE2E615970F08586BF4B3614208
          Malicious:false
          Reputation:low
          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.2.5.6.<./.P.i.
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):4869
          Entropy (8bit):4.570497837824478
          Encrypted:false
          SSDEEP:48:cvIwWl8zsBJg77aI9ZmWpW8VYzYm8M4JEAVjZtiF1+q81RPfcHfn3ID8VDKd:uIjfTI73n7V3JHrmI3KP80Kd
          MD5:BAA072A7DF4BD3E23D2E50B3DD8BCE84
          SHA1:12F4600BFBE7276624157B5849DB930E955BDF72
          SHA-256:2BBD767D1F3E397EA19BC34D8C05222BAF26A0B5E8C9783D7A8B745C33F0CD46
          SHA-512:C509CB01ECC3A82E2130CC03FF3C6DDB0D295659B94B36D034E0258740134A53273F9194895D2F1D1EC9A81355A76E58F4B9E1385A2622AA526822BDAA24C484
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="393295" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1216
          Entropy (8bit):5.34331486778365
          Encrypted:false
          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
          MD5:1330C80CAAC9A0FB172F202485E9B1E8
          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
          Malicious:true
          Reputation:high, very likely benign file
          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:data
          Category:dropped
          Size (bytes):2232
          Entropy (8bit):5.379736180876081
          Encrypted:false
          SSDEEP:48:tWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//ZmUyus:tLHyIFKL3IZ2KRH9Ouggs
          MD5:E4532FAC52FB479867BAF60958F8E50C
          SHA1:6736C4FA0AFCE32F8E206C7F414A902A96A45E5B
          SHA-256:E1475E82065BB6BAD4E6C71F033E48B8DEEB85FACB251FC1D098E4D22AB6F7FB
          SHA-512:506DC2488F6E6824D763CE955B276705DC4BD0218024A6C03FF369B1221484F4E0CA09062432D1C0017704F2EC5276AEFD0DFB4F8D3AFDE6750BBBEED4B4B48A
          Malicious:false
          Reputation:low
          Preview:@...e.................................,..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):60
          Entropy (8bit):4.038920595031593
          Encrypted:false
          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
          MD5:D17FE0A3F47BE24A6453E9EF58C94641
          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
          Malicious:false
          Reputation:high, very likely benign file
          Preview:# PowerShell test file to determine AppLocker lockdown mode
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):60
          Entropy (8bit):4.038920595031593
          Encrypted:false
          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
          MD5:D17FE0A3F47BE24A6453E9EF58C94641
          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
          Malicious:false
          Preview:# PowerShell test file to determine AppLocker lockdown mode
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):60
          Entropy (8bit):4.038920595031593
          Encrypted:false
          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
          MD5:D17FE0A3F47BE24A6453E9EF58C94641
          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
          Malicious:false
          Preview:# PowerShell test file to determine AppLocker lockdown mode
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):60
          Entropy (8bit):4.038920595031593
          Encrypted:false
          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
          MD5:D17FE0A3F47BE24A6453E9EF58C94641
          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
          Malicious:false
          Preview:# PowerShell test file to determine AppLocker lockdown mode
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):1835008
          Entropy (8bit):4.4658266633857755
          Encrypted:false
          SSDEEP:6144:DIXfpi67eLPU9skLmb0b4OWSPKaJG8nAgejZMMhA2gX4WABl0uN2dwBCswSb0:UXD94OWlLZMM6YFHE+0
          MD5:5F2D753BC7129F33BC387433DDCD2DE7
          SHA1:A96CDC446C45220223953148F345CC8F4CE56950
          SHA-256:86EA5C7E3AAB6BA77A32C50CBA36392F935DDC90C0455BD53B91F69DD917C5EF
          SHA-512:7213562E2F820259F28EC3EE719318E7D07A9AF6995F70A6F3B63750DCF59D6346EE594603F44FC30C03E3006810F712385BE4587628EA739DC5269EC35A7C71
          Malicious:false
          Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.V.Lv...............................................................................................................................................................................................................................................................................................................................................6..x........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Entropy (8bit):7.97418072893224
          TrID:
          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          • Win32 Executable (generic) a (10002005/4) 49.78%
          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
          • Win16/32 Executable Delphi generic (2074/23) 0.01%
          • Generic Win/DOS Executable (2004/3) 0.01%
          File name:SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          File size:721'920 bytes
          MD5:176e08f8643cf5353e64a695d9a905a4
          SHA1:c7c25b4700237c03f1d35ee203309c126654da59
          SHA256:d19b5a1575fa5271b9888b4cfeaefa97501a6937a9a97bef8adeaf85a619ed6e
          SHA512:d34a99319fadec9926fc9d1fb0c7552ddd0aecc17818f473b68745d018e0d8648820c8a1c692f6f7a62a7ef655dbeb3715a1578b0cdaffa94436a1c4fadef1f4
          SSDEEP:12288:J6ctjSANT3ukf7HnqOQnPgxYqfIMpU4RlgyQQgdOs5yvDKMDJCKPhYZZhK4BNVtG:J6YjFT3uk2IxY8TS4RacDKoZ4KeLt4lJ
          TLSH:2FE42348A72056B7EB2E0B3F35AA1215F373866B3A5FDFA19DCC2459179F340A5203D2
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....R.f..............0.................. ... ....@.. .......................`............@................................
          Icon Hash:90cececece8e8eb0
          Entrypoint:0x4b10ea
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0x6683528D [Tue Jul 2 01:06:21 2024 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
          Instruction
          jmp dword ptr [00402000h]
          add byte ptr [eax], al
          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb1098 | 0x4f | .text
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb2000 | 0x5b8 | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb4000 | 0xc | .reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x2000 | 0xaf0f0 | 0xaf400 | 0545e01e3c70eba3ce1b7b65c50e6a78 | False | 0.9773496010164051 | data | 7.9832260426734205 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rsrc | 0xb2000 | 0x5b8 | 0x800 | c68b8d24f4cf80603646a380017f2acb | False | 0.3154296875 | data | 3.3285781404149573 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc | 0xb4000 | 0xc | 0x400 | 2b606f6e5e33f47a3f2fc774ed475a51 | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
          RT_VERSION | 0xb2090 | 0x328 | data | | | 0.4183168316831683
          RT_MANIFEST | 0xb23c8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
          DLL | Import
          mscoree.dll | _CorExeMain
          No network behavior found

          Target ID:0
          Start time:07:51:58
          Start date:02/07/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
          Imagebase:0x830000
          File size:721'920 bytes
          MD5 hash:176E08F8643CF5353E64A695D9A905A4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:2
          Start time:07:52:00
          Start date:02/07/2024
          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          Wow64 process (32bit):true
          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
          Imagebase:0xfd0000
          File size:433'152 bytes
          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:3
          Start time:07:52:00
          Start date:02/07/2024
          Path:C:\Windows\System32\conhost.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Imagebase:0x7ff7699e0000
          File size:862'208 bytes
          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:4
          Start time:07:52:00
          Start date:02/07/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          Wow64 process (32bit):false
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
          Imagebase:0x10000
          File size:721'920 bytes
          MD5 hash:176E08F8643CF5353E64A695D9A905A4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:5
          Start time:07:52:00
          Start date:02/07/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          Wow64 process (32bit):false
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
          Imagebase:0xf0000
          File size:721'920 bytes
          MD5 hash:176E08F8643CF5353E64A695D9A905A4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:6
          Start time:07:52:00
          Start date:02/07/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
          Imagebase:0x660000
          File size:721'920 bytes
          MD5 hash:176E08F8643CF5353E64A695D9A905A4
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
          Reputation:low
          Has exited:true

          Target ID:7
          Start time:07:52:02
          Start date:02/07/2024
          Path:C:\Windows\System32\wbem\WmiPrvSE.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
          Imagebase:0x7ff693ab0000
          File size:496'640 bytes
          MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
          Has elevated privileges:true
          Has administrator privileges:false
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Target ID:13
          Start time:07:52:21
          Start date:02/07/2024
          Path:C:\Windows\SysWOW64\WerFault.exe
          Wow64 process (32bit):true
          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 200
          Imagebase:0xf50000
          File size:483'680 bytes
          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

            Execution Graph

            Execution Coverage:10.7%
            Dynamic/Decrypted Code Coverage:100%
            Signature Coverage:0%
            Total number of Nodes:187
            Total number of Limit Nodes:11

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 294 51570f0-5157112 296 5157114-5157136 294->296 297 5157137-5157235 call 51557b0 call 51557c0 call 5156d58 call 5156d68 294->297 322 515723b-515726b 297->322 323 51572ea-5157518 call 5156d78 call 5156d88 call 5156d98 call 5156da8 call 5156db8 call 5156dc8 call 5156dd8 call 5156de8 297->323 329 5157271-515727f 322->329 330 5157af2-5157b17 322->330 387 5157530-515753e 323->387 388 515751a-5157520 323->388 329->330 331 5157285-515729c 329->331 336 5157b1e-5157b2f 330->336 337 5157b19 call 5156ed8 330->337 331->330 333 51572a2-51572d6 331->333 333->330 335 51572dc-51572e4 333->335 335->322 335->323 342 5157b31-5157b4c call 5156ee8 336->342 343 5157b68-5157ba1 call 5156ef8 call 5156f08 call 5156f18 336->343 337->336 342->343 355 5157b4e-5157b60 342->355 361 5157bb1-5157bcf 343->361 362 5157ba3-5157bac call 5156ee8 343->362 355->343 487 5157bd4 call 515b917 361->487 488 5157bd4 call 515b9ae 361->488 489 5157bd4 call 515b928 361->489 362->361 369 5157bd9-5157bdc 387->330 392 5157544-515755c call 5156df8 387->392 389 5157524-5157526 388->389 390 5157522 388->390 389->387 390->387 395 5157563-5157a2d call 5156e08 call 5156e18 call 5156d98 call 5156da8 call 5156dc8 call 5156e28 call 5156dd8 call 5156e38 call 5156e48 call 5156e58 call 5156d98 call 5156da8 call 5156dc8 call 5156dd8 call 5156d98 call 5156da8 call 5156dc8 call 5156dd8 call 5156e68 call 5156e78 call 5156e88 call 5156e98 * 4 392->395 469 5157a45-5157af1 call 5156ea8 call 5156eb8 call 5156da8 call 5156ec8 * 2 395->469 470 5157a2f-5157a35 395->470 471 5157a37 470->471 472 5157a39-5157a3b 470->472 471->469 472->469 487->369 488->369 489->369
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1723944816.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5150000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ($($)$.$]$]$c
            • API String ID: 0-2044916132
            • Opcode ID: 501b454a0cb186fb8cd631fda22f9d6d7b935a0d4d772859f41a6189a606dbd9
            • Instruction ID: c699aeafe81cb967c0f20e824131896b70fe605d4e3d99d966a64bd42cb884dd
            • Opcode Fuzzy Hash: 501b454a0cb186fb8cd631fda22f9d6d7b935a0d4d772859f41a6189a606dbd9
            • Instruction Fuzzy Hash: CC624C30A10B15CFC755EF74C854A9EB7B2FF89300F518AA9D4596B361EF70A986CB80
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7444888068c4852798b427390647b3dd62f52dddeb1a249940e3e728dea7dbd2
            • Instruction ID: a4f466df2e6f17a8e815c5679d771e6b053f0a601564310387b24a9a6a17469e
            • Opcode Fuzzy Hash: 7444888068c4852798b427390647b3dd62f52dddeb1a249940e3e728dea7dbd2
            • Instruction Fuzzy Hash: 882117B0D016489BEB08CFA7C9487EEFFB6BFC9300F04C46AD409A6254EB7409858F90
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c53cac3097143f560b29542682fc76f288d2afa6d81dca4ce34d18d230d63af3
            • Instruction ID: a490284033851e93c480219a3989e9dacdad4a5222b9c64ff6ab4a785aca7566
            • Opcode Fuzzy Hash: c53cac3097143f560b29542682fc76f288d2afa6d81dca4ce34d18d230d63af3
            • Instruction Fuzzy Hash: 2821A5B0D016189BEB18CF9BC9497EEFAB6BF89340F14C56AD40966254EBB409458F90

            APIs
            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07567226
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateProcess
            • String ID:
            • API String ID: 963392458-0
            • Opcode ID: 7205755456991c38e5ac52419feffc7a1625f599b4b7feab7b8696752e52376f
            • Instruction ID: b2962d12db001168c2b991ddd55fb188e9cc7ed58cb84e650efc1e0c6d825445
            • Opcode Fuzzy Hash: 7205755456991c38e5ac52419feffc7a1625f599b4b7feab7b8696752e52376f
            • Instruction Fuzzy Hash: B1A16EB1D0061ADFDB20DF68C845BDEBBB2FF48314F1485AAE818A7240DB759985CF91

            APIs
            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07567226
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateProcess
            • String ID:
            • API String ID: 963392458-0
            • Opcode ID: 498b2b264e2b38cff043a865aded4c6f85f01b63d7c947418b01fae0a212ce9d
            • Instruction ID: aa142ac25d8fb20ebec26b32719466197117ab4194271eb49a2f1ac7751b2c4c
            • Opcode Fuzzy Hash: 498b2b264e2b38cff043a865aded4c6f85f01b63d7c947418b01fae0a212ce9d
            • Instruction Fuzzy Hash: 20916DB1D00219CFDF20DFA8C845BDEBBB2FB48314F14856AE818A7250DB759985CF91

            Memory Dump Source
            • Source File: 00000000.00000002.1717160041.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2a50000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8c4cef8d73902795af9d570df7c523b558ed02a2d2069e0369b1173fc0f00040
            • Instruction ID: 9c3680a83a5e5ab442cd0b951e927917770f5e9daa7e8f99aae731c0eeeec5d5
            • Opcode Fuzzy Hash: 8c4cef8d73902795af9d570df7c523b558ed02a2d2069e0369b1173fc0f00040
            • Instruction Fuzzy Hash: 7C714571A00B158FD724DF29D58475BBBF1BF88304F104A2ED88ACBA41DB35E84ACB91

            APIs
            • CreateActCtxA.KERNEL32(?), ref: 02A559A9
            Memory Dump Source
            • Source File: 00000000.00000002.1717160041.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2a50000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            • Opcode ID: 4dbbac292897635960ecfa231c8a9828225da971f6ba1c8fc3f40d351100e9bd
            • Instruction ID: 6d7a450fac74ea01f13ae2a7a796994b9934f7bb3f271a79f2b91d31d13404a3
            • Opcode Fuzzy Hash: 4dbbac292897635960ecfa231c8a9828225da971f6ba1c8fc3f40d351100e9bd
            • Instruction Fuzzy Hash: 0441C2B0C00729CADB24CFA9C988BCEFBF5BF49314F60815AD409AB251DB756945CF50

            APIs
            • CreateActCtxA.KERNEL32(?), ref: 02A559A9
            Memory Dump Source
            • Source File: 00000000.00000002.1717160041.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2a50000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            • Opcode ID: 83b67e411f327fc7fbdba1902f376d4dca7741dbf792c932565709287a8d6a26
            • Instruction ID: 406b9cae3b3e91f07159a5ddb98d914540cc55ee09841fc9c6814c4f5d57eafd
            • Opcode Fuzzy Hash: 83b67e411f327fc7fbdba1902f376d4dca7741dbf792c932565709287a8d6a26
            • Instruction Fuzzy Hash: F541C3B0C00729CBDB24DFA9C984B9EBBB5BF48304F60806AD409AB251DB756945CF90

            APIs
            • CallWindowProcW.USER32(?,?,?,?,?), ref: 05154101
            Memory Dump Source
            • Source File: 00000000.00000002.1723944816.0000000005150000.00000040.00000800.00020000.00000000.sdmp, Offset: 05150000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5150000_SecuriteInfo.jbxd
            Similarity
            • API ID: CallProcWindow
            • String ID:
            • API String ID: 2714655100-0
            • Opcode ID: 18ef8e1c811ab39e81cab7c1895f21fe8233d83d64418d589ecd39e14ba1a4a2
            • Instruction ID: 1b7c24da44c92afff7006555cc416c1db679adf7f62f1f05c74a7e66b150a7ad
            • Opcode Fuzzy Hash: 18ef8e1c811ab39e81cab7c1895f21fe8233d83d64418d589ecd39e14ba1a4a2
            • Instruction Fuzzy Hash: D541E7B5900305CFDB14CF99C889AAAFBF5FB88324F24C459D919AB321D775A841CFA0

            APIs
            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07566DF8
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessWrite
            • String ID:
            • API String ID: 3559483778-0
            • Opcode ID: 80ee46dff12a60ad26efc0fe6a125f655ebde943102fcbbeca067ffdcc63087c
            • Instruction ID: 0ef3448019054a8568d8183a7d63de5eae751ce7300efc660053012f5e98dba9
            • Opcode Fuzzy Hash: 80ee46dff12a60ad26efc0fe6a125f655ebde943102fcbbeca067ffdcc63087c
            • Instruction Fuzzy Hash: 232148B69003499FDB10CFAAC885BDEBBF5FF48310F14842AE919A7340C7789955DBA1

            APIs
            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07566ED8
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessRead
            • String ID:
            • API String ID: 1726664587-0
            • Opcode ID: e29d3aa6a21d6a3590b46bb8182d2403e2997b26f268d472066a8ab94e6b758c
            • Instruction ID: fab20b88e1c146cee891546c12d10cf9a3ddebe6ecc0ed58f5bc4f13eca7e909
            • Opcode Fuzzy Hash: e29d3aa6a21d6a3590b46bb8182d2403e2997b26f268d472066a8ab94e6b758c
            • Instruction Fuzzy Hash: C12139B5C003599FCB10CFAAD885AEEBBF5FF48320F10842AE519A7240C7799941DBA5
            APIs
            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07566816
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: ContextThreadWow64
            • String ID:
            • API String ID: 983334009-0
            • Opcode ID: 6bfac8a42314fd93e0b376d2a17821436ca609219a1940ba84f6efa1d8df9d4a
            • Instruction ID: d07847e917a893df9410080e1963bb33568acddd2f69afe13921c12267cd43a7
            • Opcode Fuzzy Hash: 6bfac8a42314fd93e0b376d2a17821436ca609219a1940ba84f6efa1d8df9d4a
            • Instruction Fuzzy Hash: 222125B1D002099FDB10DFAAC485BEEBBF4FF88324F14842AD559A7240CB789945CFA5
            APIs
            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07566DF8
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessWrite
            • String ID:
            • API String ID: 3559483778-0
            • Opcode ID: 228bf48bb4f02da7d05ecdd3b18f299c68ddf0d2e38933639d70398c3a120f99
            • Instruction ID: c51856e99a6ca682ab7105a613f5fc090f7f68007a01cfe200f501b1c25f66a8
            • Opcode Fuzzy Hash: 228bf48bb4f02da7d05ecdd3b18f299c68ddf0d2e38933639d70398c3a120f99
            • Instruction Fuzzy Hash: 9C2157B19003499FCB10CFAAC885BDEBBF5FF48310F10842AE919A7240C7789950CBA5
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02A5D596,?,?,?,?,?), ref: 02A5D657
            Memory Dump Source
            • Source File: 00000000.00000002.1717160041.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2a50000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 76ee1da67d4bb246eeef20865950e2a9400159cb1cfbe7c8f33e9d5917b46b22
            • Instruction ID: 681b85958e0387300b382104b04b6a13ab2a87a6c5dc352b883f33aa98510b72
            • Opcode Fuzzy Hash: 76ee1da67d4bb246eeef20865950e2a9400159cb1cfbe7c8f33e9d5917b46b22
            • Instruction Fuzzy Hash: EE21E3B5D00218DFDB10CF9AD984ADEBBF8EB48324F14841AE918A7310D774A940CFA5
            APIs
            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07566816
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: ContextThreadWow64
            • String ID:
            • API String ID: 983334009-0
            • Opcode ID: 8ae3e251268d17adee3421904c658c4f29c077d083cb4c809507ca0d0692161e
            • Instruction ID: 242b51a18da3ea2a053f68fcd91af8cd146b6647f9056395ec91b1704c9b1af4
            • Opcode Fuzzy Hash: 8ae3e251268d17adee3421904c658c4f29c077d083cb4c809507ca0d0692161e
            • Instruction Fuzzy Hash: 172137B1D003099FDB10DFAAC485BEEBBF4EF48324F14842AD519A7240C7789945CBA5
            APIs
            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07566ED8
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessRead
            • String ID:
            • API String ID: 1726664587-0
            • Opcode ID: 12728ebe4feb3c2359b837ce72ab90b8fc69c36c2361f31f899c6c9e092a85b9
            • Instruction ID: 8c264b09ca1205280fe8cd679cf978a3f9108990191671df4742f83ab0548193
            • Opcode Fuzzy Hash: 12728ebe4feb3c2359b837ce72ab90b8fc69c36c2361f31f899c6c9e092a85b9
            • Instruction Fuzzy Hash: 432128B1C003599FCB10CFAAC885AEEFBF5FF48320F50842AE519A7240C7799901DBA5
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02A5D596,?,?,?,?,?), ref: 02A5D657
            Memory Dump Source
            • Source File: 00000000.00000002.1717160041.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2a50000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 028fb9442520e76d8a4b40e9d8a7fac83e7d213f6af3de51ab8f1392ee050133
            • Instruction ID: aa394c47b6ccde8a2fc8bf238bd14537ee3ac631a3b5fc8032bf553e25d92a30
            • Opcode Fuzzy Hash: 028fb9442520e76d8a4b40e9d8a7fac83e7d213f6af3de51ab8f1392ee050133
            • Instruction Fuzzy Hash: 8E21C2B5D01219DFDB10CFAAD984ADEBBF5EB48320F24841AE918A7350D378A944CF65
            APIs
            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07566D16
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID:
            • API String ID: 4275171209-0
            • Opcode ID: ca0c07fb60ccea777103ed397f98f499d3c8fcb718f2d31b661f7063579d9ebe
            • Instruction ID: 886aee2be570f93f3aec766cb19052bd202b509e71e37876f46e2409bab174e0
            • Opcode Fuzzy Hash: ca0c07fb60ccea777103ed397f98f499d3c8fcb718f2d31b661f7063579d9ebe
            • Instruction Fuzzy Hash: AC1159B29002099FCB20DFAAD845BDEFFF5EF88320F24841AE519A7250C7759940CFA1
            APIs
            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02A5AFB9,00000800,00000000,00000000), ref: 02A5B1CA
            Memory Dump Source
            • Source File: 00000000.00000002.1717160041.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2a50000_SecuriteInfo.jbxd
            Similarity
            • API ID: LibraryLoad
            • String ID:
            • API String ID: 1029625771-0
            • Opcode ID: 7396228601817cfb69804d06921d0b24e046627a2a3eafa4db92f768f70269ae
            • Instruction ID: 1a15d3a99235fe69799376b7ef5e5f2de2c52950204d913643142eb2a67faddf
            • Opcode Fuzzy Hash: 7396228601817cfb69804d06921d0b24e046627a2a3eafa4db92f768f70269ae
            • Instruction Fuzzy Hash: 461117B6D003099FDB10CF9AD884B9EFBF4FB48314F10841AE919A7210C775A945CFA5
            APIs
            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02A5AFB9,00000800,00000000,00000000), ref: 02A5B1CA
            Memory Dump Source
            • Source File: 00000000.00000002.1717160041.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2a50000_SecuriteInfo.jbxd
            Similarity
            • API ID: LibraryLoad
            • String ID:
            • API String ID: 1029625771-0
            • Opcode ID: 7555cd91e6e0989bf60461f8e065cf9154454ef24ae28554f475dc9bf4e1af1f
            • Instruction ID: 8f43f5a21a2a203fa66fbc1aaaeec05351116f5a31cb088687eacd0aa57cfffa
            • Opcode Fuzzy Hash: 7555cd91e6e0989bf60461f8e065cf9154454ef24ae28554f475dc9bf4e1af1f
            • Instruction Fuzzy Hash: C61114B6D002498FDB10CFAAC844ADEFBF4EB88314F14841AE819A7200C775A545CFA5
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: ResumeThread
            • String ID:
            • API String ID: 947044025-0
            • Opcode ID: 46edde6558b35d9c6613e2833a1bc0c752b08826ec460392cc6c951284c7768f
            • Instruction ID: 82e110805a19a6a90a435989317acb7c8c09bce0e31d3dfdb3ecbb4ddd3781aa
            • Opcode Fuzzy Hash: 46edde6558b35d9c6613e2833a1bc0c752b08826ec460392cc6c951284c7768f
            • Instruction Fuzzy Hash: F61146B5D002498ECB20DFAAC8457DEFBF8EF88324F24841AD559A7240CB75A945CFA5
            APIs
            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07566D16
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID:
            • API String ID: 4275171209-0
            • Opcode ID: 1315e3ea9ebe5fb28bf627603ed91a28f5ae69d5a42a73dbdc3bd04bb313cecd
            • Instruction ID: d3a3cbf82ae4623546676600679f98d27c64cf2ca762c02d6b333e7779514a4d
            • Opcode Fuzzy Hash: 1315e3ea9ebe5fb28bf627603ed91a28f5ae69d5a42a73dbdc3bd04bb313cecd
            • Instruction Fuzzy Hash: 2D113AB19002499FCB20DFAAC845BDEFFF5EF48320F248419E519A7250C7759950DFA5
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: ResumeThread
            • String ID:
            • API String ID: 947044025-0
            • Opcode ID: bd090d38d56796656a195e1cfb7f7eaf258f027ee505f2ad37c3e07b8d375af3
            • Instruction ID: dad941f753f309efc0e3f9f6ef646cca38fa974fd131fc5fba08029787256029
            • Opcode Fuzzy Hash: bd090d38d56796656a195e1cfb7f7eaf258f027ee505f2ad37c3e07b8d375af3
            • Instruction Fuzzy Hash: 1F113AB1D003498FDB20DFAAC4457DEFBF9EF88324F24841AD519A7240C775A944CB95
            APIs
            • GetModuleHandleW.KERNELBASE(00000000), ref: 02A5AF3E
            Memory Dump Source
            • Source File: 00000000.00000002.1717160041.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2a50000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            • Opcode ID: 65ee1bd899fc863b83127228ad9e8ee97c72967f8c19c6540afd3e5e1da6db27
            • Instruction ID: 32876423af1b45e274a5e0cdd9122c40df6fad8801b326fffc1b4ad8573f4fd6
            • Opcode Fuzzy Hash: 65ee1bd899fc863b83127228ad9e8ee97c72967f8c19c6540afd3e5e1da6db27
            • Instruction Fuzzy Hash: 911102B6D006498FCB10CF9AC544B9EFBF4AF88224F10855AD919A7210C379A549CFA5
            APIs
            • PostMessageW.USER32(?,00000010,00000000,?), ref: 07569D5D
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: c5d80d44492cbf7cbef4c4fb60c973aed2a5c9861909adbc9874869241d17b46
            • Instruction ID: 101eacb660ff3ae2bd9fef420869d73929798838a6590c306671317136ba20c8
            • Opcode Fuzzy Hash: c5d80d44492cbf7cbef4c4fb60c973aed2a5c9861909adbc9874869241d17b46
            • Instruction Fuzzy Hash: 971157B58043498FDB11CFA8D898BDEBFF0EF49314F14848AD599AB211C334A948CFA1
            APIs
            • PostMessageW.USER32(?,00000010,00000000,?), ref: 07569D5D
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: f2adb4c25dee272048463e8d40031addb016dd23f8a1289de232a80de5e9b3d4
            • Instruction ID: 6075f8e0a06be464c27a53a196a48b4d1f28dc44f68cab8934ea6118ee7e7185
            • Opcode Fuzzy Hash: f2adb4c25dee272048463e8d40031addb016dd23f8a1289de232a80de5e9b3d4
            • Instruction Fuzzy Hash: D911F5B58003499FCB10DF99D889BDEFBF8FB48320F20841AE919A7210C375A944CFA5
            APIs
            • GetModuleHandleW.KERNELBASE(00000000), ref: 02A5AF3E
            Memory Dump Source
            • Source File: 00000000.00000002.1717160041.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2a50000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            • Opcode ID: cb7b0ca8e424643786fa530ce079a4d9abd9f6a5663aab9c9a0775f03542d567
            • Instruction ID: d96f09d4d9621ae1f5c189986c7925832a7b9fa905b03b99474538d008c35661
            • Opcode Fuzzy Hash: cb7b0ca8e424643786fa530ce079a4d9abd9f6a5663aab9c9a0775f03542d567
            • Instruction Fuzzy Hash: 231110B6D006498ECB10CF9AC544BDEFBF4AF48224F24855AD919B7610C378A549CFA1
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02A5D596,?,?,?,?,?), ref: 02A5D657
            Memory Dump Source
            • Source File: 00000000.00000002.1717160041.0000000002A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A50000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_2a50000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 987b15b7149bb4a23d260e0df226a23b0327935a34f79cc7c29ee45ca6ed9850
            • Instruction ID: df1202cc9ae1143b3ae90c42cf0c03ed102f26aec4de2b77959dc6b0ee933224
            • Opcode Fuzzy Hash: 987b15b7149bb4a23d260e0df226a23b0327935a34f79cc7c29ee45ca6ed9850
            • Instruction Fuzzy Hash: 46116DB590024ADFDF10CF99D884BDEBFF4AF49324F24814AE528A7250C3749851DF61
            APIs
            • PostMessageW.USER32(?,00000010,00000000,?), ref: 07569D5D
            Memory Dump Source
            • Source File: 00000000.00000002.1731519758.0000000007560000.00000040.00000800.00020000.00000000.sdmp, Offset: 07560000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_7560000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: 60730959dc90bac86e982128cb42b263f77cbf05a1cae6ab844f9eb6f71cbd97
            • Instruction ID: 3441f49ab54a7aa9c8f475b33e43bf05d98e9de2d22b2c038ae1ab4a64cabde0
            • Opcode Fuzzy Hash: 60730959dc90bac86e982128cb42b263f77cbf05a1cae6ab844f9eb6f71cbd97
            • Instruction Fuzzy Hash: E411D0B58002499FDB20CF99D989BDEBBF8FB48320F20841AE559A7210C375A944CFA5

            Execution Graph

            Execution Coverage:0.5%
            Dynamic/Decrypted Code Coverage:5.8%
            Signature Coverage:5.8%
            Total number of Nodes:69
            Total number of Limit Nodes:8
            execution_graph 93061 4241c3 93062 4241d2 93061->93062 93063 42425c 93062->93063 93064 424219 93062->93064 93067 424257 93062->93067 93069 42cec3 93064->93069 93068 42cec3 RtlFreeHeap 93067->93068 93068->93063 93072 42b3a3 93069->93072 93071 424229 93073 42b3bd 93072->93073 93074 42b3ce RtlFreeHeap 93073->93074 93074->93071 93075 42dfa3 93076 42dfb3 93075->93076 93077 42dfb9 93075->93077 93080 42cfa3 93077->93080 93079 42dfdf 93083 42b353 93080->93083 93082 42cfbe 93082->93079 93084 42b370 93083->93084 93085 42b381 RtlAllocateHeap 93084->93085 93085->93082 93104 42a673 93105 42a690 93104->93105 93108 1252df0 LdrInitializeThunk 93105->93108 93106 42a6b8 93108->93106 93109 423e33 93110 423e4f 93109->93110 93111 423e77 93110->93111 93112 423e8b 93110->93112 93113 42b043 NtClose 93111->93113 93119 42b043 93112->93119 93115 423e80 93113->93115 93116 423e94 93122 42cfe3 RtlAllocateHeap 93116->93122 93118 423e9f 93120 42b05d 93119->93120 93121 42b06e NtClose 93120->93121 93121->93116 93122->93118 93123 41dc53 93124 41dc79 93123->93124 93128 41dd64 93124->93128 93129 42e0d3 93124->93129 93126 41dd08 93127 42a6c3 LdrInitializeThunk 93126->93127 93126->93128 93127->93128 93130 42e043 93129->93130 93131 42cfa3 RtlAllocateHeap 93130->93131 93132 42e0a0 93130->93132 93133 42e07d 93131->93133 93132->93126 93134 42cec3 RtlFreeHeap 93133->93134 93134->93132 93086 416306 93087 41630e 93086->93087 93089 4162cf 93086->93089 93087->93089 93090 42ba83 93087->93090 93092 42ba9b 93090->93092 93091 42babf 93091->93089 93092->93091 93097 42a6c3 93092->93097 93095 42cec3 RtlFreeHeap 93096 42bb22 93095->93096 93096->93089 93098 42a6dd 93097->93098 93101 1252c0a 93098->93101 93099 42a709 93099->93095 93102 1252c11 93101->93102 93103 1252c1f LdrInitializeThunk 93101->93103 93102->93099 93103->93099 93135 401899 93136 4018a0 93135->93136 93139 42e463 93136->93139 93142 42cac3 93139->93142 93141 40196b 93143 42cae9 93142->93143 93145 42cb1e 93143->93145 93146 41a953 NtClose 
93143->93146 93145->93141 93146->93145

            Control-flow Graph

            control_flow_graph 19 42b043-42b07c call 4046f3 call 42c0c3 NtClose
            APIs
            Memory Dump Source
            • Source File: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Close
            • String ID:
            • API String ID: 3535843008-0
            • Opcode ID: d2fce80bf96f9aef502c7a706a78167f0df0f39cd2da303e79a79779ee84456a
            • Instruction ID: ffaf1c4e845619c312234e72993fc9ff90263f8a355b3c874327399a7ff256d0
            • Opcode Fuzzy Hash: d2fce80bf96f9aef502c7a706a78167f0df0f39cd2da303e79a79779ee84456a
            • Instruction Fuzzy Hash: ABE04F722042147BC210EA5ADC42F9B776CDFC5714F40441AFA0CA7241C775B9008AF8

            Control-flow Graph

            control_flow_graph 28 1252df0-1252dfc LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: bd2ca955e429a096c1e605327d4e2779d94f50a07d94e4551e31bff3df378c81
            • Instruction ID: ddadd982008dd0c3582b2ae3fb77c4fb723416ef9ace9f7f5fc98771b7459f5a
            • Opcode Fuzzy Hash: bd2ca955e429a096c1e605327d4e2779d94f50a07d94e4551e31bff3df378c81
            • Instruction Fuzzy Hash: 7190027121150453D1117158450470B000D97D0241F95C412A542455CDD6568E92A221

            Control-flow Graph

            control_flow_graph 9 42b353-42b397 call 4046f3 call 42c0c3 RtlAllocateHeap
            APIs
            • RtlAllocateHeap.NTDLL(?,0041DD08,?,?,00000000,?,0041DD08,?,?,?), ref: 0042B392
            Memory Dump Source
            • Source File: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: AllocateHeap
            • String ID:
            • API String ID: 1279760036-0
            • Opcode ID: 67067a5979bf89484583072b10f1e444b18ba938f0cd1e1733e25f412d44e4b4
            • Instruction ID: 08153466ed60f3f2000019d0bfb2e373602b8a1c462ac61380ed6339d86ac2ef
            • Opcode Fuzzy Hash: 67067a5979bf89484583072b10f1e444b18ba938f0cd1e1733e25f412d44e4b4
            • Instruction Fuzzy Hash: 85E06DB22042047BD610EE99DC41FAB37ACEFC5714F40441AF90CA7241D675B9108AB8

            Control-flow Graph

            control_flow_graph 14 42b3a3-42b3e4 call 4046f3 call 42c0c3 RtlFreeHeap
            APIs
            • RtlFreeHeap.NTDLL(00411DFC,?,00411DFC,?,00000000,00411DFC,?,00411DFC,?,?), ref: 0042B3DF
            Memory Dump Source
            • Source File: 00000006.00000002.2042434401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: FreeHeap
            • String ID:
            • API String ID: 3298025750-0
            • Opcode ID: 13650c0d6e97d53927156756923c6077ca3cb3c8a3d43df0e4b7966925559e16
            • Instruction ID: 80b4c937ed58d4596e4ad6dd3a2aff8a2fca0abc077511e8a490e76b554d259d
            • Opcode Fuzzy Hash: 13650c0d6e97d53927156756923c6077ca3cb3c8a3d43df0e4b7966925559e16
            • Instruction Fuzzy Hash: BFE06D722042147BD610EE99EC41FAB37ACEFC5710F004419F908A7241D675B9108BB8

            Control-flow Graph

            control_flow_graph 24 1252c0a-1252c0f 25 1252c11-1252c18 24->25 26 1252c1f-1252c26 LdrInitializeThunk 24->26
            APIs
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 7fac117fff3a96680f257ae8f7e4440a634fedbbefbd3d809df47770ad9b87ad
            • Instruction ID: e720c60ffbe95012909ae3f2309eee601de1945d2212726321f68efdbe78b514
            • Opcode Fuzzy Hash: 7fac117fff3a96680f257ae8f7e4440a634fedbbefbd3d809df47770ad9b87ad
            • Instruction Fuzzy Hash: 04B09B719115D5C5DB51E764460871B790477D0701F16C061D7030645F4738C5D1E375
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2160512332
            • Opcode ID: 04ed8ca29b05aa7950db5a974df0e29611c3951d2dfc5b7c3df61c95ddacb958
            • Instruction ID: 686c2b059733735f5686235bae20dbda368d54727850211252facf6b4ffe3969
            • Opcode Fuzzy Hash: 04ed8ca29b05aa7950db5a974df0e29611c3951d2dfc5b7c3df61c95ddacb958
            • Instruction Fuzzy Hash: 16928D71624342EFEB25CE29C881B6BB7E8BB84754F04492DFB94D7291D770E844CB92
            Strings
            • double initialized or corrupted critical section, xrefs: 01285508
            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012854CE
            • Critical section address., xrefs: 01285502
            • Thread identifier, xrefs: 0128553A
            • Thread is in a state in which it cannot own a critical section, xrefs: 01285543
            • 8, xrefs: 012852E3
            • Critical section debug info address, xrefs: 0128541F, 0128552E
            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012854E2
            • Critical section address, xrefs: 01285425, 012854BC, 01285534
            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0128540A, 01285496, 01285519
            • Address of the debug info found in the active list., xrefs: 012854AE, 012854FA
            • Invalid debug info address of this critical section, xrefs: 012854B6
            • undeleted critical section in freed memory, xrefs: 0128542B
            • corrupted critical section, xrefs: 012854C2
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
            • API String ID: 0-2368682639
            • Opcode ID: 0e4baa9acca402b7ad5834e51438a7b190d5c02d4635f50a8884b1628976ab30
            • Instruction ID: 2c55846228be0c280c3298aa9e676f8ec891403a99523f6c6275363b466349e6
            • Opcode Fuzzy Hash: 0e4baa9acca402b7ad5834e51438a7b190d5c02d4635f50a8884b1628976ab30
            • Instruction Fuzzy Hash: 4F81A9B1A51349AFDB25CF9AC845BAEBBF9FB08B14F10415DF604B7290D3B5A940CB60
            Strings
            • RtlpResolveAssemblyStorageMapEntry, xrefs: 0128261F
            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01282506
            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01282624
            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 012822E4
            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01282412
            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 012825EB
            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 012824C0
            • @, xrefs: 0128259B
            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01282602
            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01282498
            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01282409
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
            • API String ID: 0-4009184096
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
            • API String ID: 0-2515994595
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
            • API String ID: 0-1700792311
            Strings
            • VerifierFlags, xrefs: 01298C50
            • VerifierDebug, xrefs: 01298CA5
            • VerifierDlls, xrefs: 01298CBD
            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01298A3D
            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01298A67
            • AVRF: -*- final list of providers -*- , xrefs: 01298B8F
            • HandleTraces, xrefs: 01298C8F
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
            • API String ID: 0-3223716464
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
            • API String ID: 0-1109411897
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
            • API String ID: 0-792281065
            Strings
            • apphelp.dll, xrefs: 01206496
            • minkernel\ntdll\ldrinit.c, xrefs: 01269A11, 01269A3A
            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01269A2A
            • LdrpInitShimEngine, xrefs: 012699F4, 01269A07, 01269A30
            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 012699ED
            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01269A01
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-204845295
            Strings
            • SXS: %s() passed the empty activation context, xrefs: 01282165
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 012821BF
            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01282178
            • RtlGetAssemblyStorageRoot, xrefs: 01282160, 0128219A, 012821BA
            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01282180
            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0128219F
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
            • API String ID: 0-861424205
            Strings
            • Unable to build import redirection Table, Status = 0x%x, xrefs: 012881E5
            • minkernel\ntdll\ldrredirect.c, xrefs: 01288181, 012881F5
            • Loading import redirection DLL: '%wZ', xrefs: 01288170
            • LdrpInitializeProcess, xrefs: 0124C6C4
            • minkernel\ntdll\ldrinit.c, xrefs: 0124C6C3
            • LdrpInitializeImportRedirection, xrefs: 01288177, 012881EB
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-475462383
            APIs
              • Part of subcall function 01252DF0: LdrInitializeThunk.NTDLL ref: 01252DFA
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01250BA3
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01250BB6
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01250D60
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01250D74
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
            • String ID:
            • API String ID: 1404860816-0
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
            • API String ID: 0-379654539
            Strings
            • LdrpInitializeProcess, xrefs: 01248422
            • minkernel\ntdll\ldrinit.c, xrefs: 01248421
            • @, xrefs: 01248591
            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0124855E
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1918872054
            Strings
            • SXS: %s() passed the empty activation context, xrefs: 012821DE
            • .Local, xrefs: 012428D8
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 012822B6
            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 012821D9, 012822B1
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
            • API String ID: 0-1239276146
            Strings
            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01270FE5
            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0127106B
            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01271028
            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 012710AE
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
            • API String ID: 0-1468400865
            Strings
            • apphelp.dll, xrefs: 01232462
            • minkernel\ntdll\ldrinit.c, xrefs: 0127A9A2
            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0127A992
            • LdrpDynamicShimModule, xrefs: 0127A998
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-176724104
            Strings
            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0122327D
            • HEAP[%wZ]: , xrefs: 01223255
            • HEAP: , xrefs: 01223264
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
            • API String ID: 0-617086771
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-4253913091
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $@
            • API String ID: 0-1077428164
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: FilterFullPath$UseFilter$\??\
            • API String ID: 0-2779062949
            Strings
            • LdrpCheckModule, xrefs: 0127A117
            • minkernel\ntdll\ldrinit.c, xrefs: 0127A121
            • Failed to allocated memory for shimmed module list, xrefs: 0127A10F
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
            • API String ID: 0-161242083
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-1334570610
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 012882E8
            • LdrpInitializePerUserWindowsDirectory, xrefs: 012882DE
            • Failed to reallocate the system dirs string !, xrefs: 012882D7
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1783798831
            Strings
            • @, xrefs: 012CC1F1
            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 012CC1C5
            • PreferredUILanguages, xrefs: 012CC212
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
            • API String ID: 0-2968386058
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
            • API String ID: 0-1373925480
            Strings
            • minkernel\ntdll\ldrredirect.c, xrefs: 01294899
            • LdrpCheckRedirection, xrefs: 0129488F
            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01294888
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-3154609507
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-2558761708
            Strings
            • minkernel\ntdll\ldrinit.c, xrefs: 01292104
            • LdrpInitializationFailure, xrefs: 012920FA
            • Process initialization failed with status 0x%08lx, xrefs: 012920F3
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2986994758
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: #%u
            • API String ID: 48624451-232158463
            Strings
            • LdrResSearchResource Enter, xrefs: 0121AA13
            • LdrResSearchResource Exit, xrefs: 0121AA25
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
            • API String ID: 0-4066393604
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: `$`
            • API String ID: 0-197956300
            Similarity
            • API ID: InitializeThunk
            • String ID: Legacy$UEFI
            • API String ID: 2994545307-634100481
            Similarity
            • API ID:
            • String ID: @$MUI
            • API String ID: 0-17815947
            Strings
            • kLsE, xrefs: 01210540
            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0121063D
            Similarity
            • API ID:
            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
            • API String ID: 0-2547482624
            Strings
            • RtlpResUltimateFallbackInfo Exit, xrefs: 0121A309
            • RtlpResUltimateFallbackInfo Enter, xrefs: 0121A2FB
            Similarity
            • API ID:
            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
            • API String ID: 0-2876891731
            Similarity
            • API ID: InitializeThunk
            • String ID: Cleanup Group$Threadpool!
            • API String ID: 2994545307-4008356553
            Similarity
            • API ID:
            • String ID: MUI
            • API String ID: 0-1339004836
            Similarity
            • API ID:
            • String ID: GlobalTags
            • API String ID: 0-1106856819
            Similarity
            • API ID:
            • String ID: .mui
            • API String ID: 0-1199573805
            Similarity
            • API ID:
            • String ID: EXT-
            • API String ID: 0-1948896318
            Similarity
            • API ID:
            • String ID: BinaryHash
            • API String ID: 0-2202222882
            Similarity
            • API ID:
            • String ID: #
            • API String ID: 0-1885708031
            Similarity
            • API ID:
            • String ID: BinaryName
            • API String ID: 0-215506332
            Strings
            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0129895E
            Similarity
            • API ID:
            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
            • API String ID: 0-702105204
            • Instruction ID: e13177e5ea3f46580de7b4cde4e07ce3e244b90efd7f8dd5c3101db8b228eb0f
            • Opcode Fuzzy Hash: 32550e8e2ac849b8bf7ad38f5e6231b2a230b6858c7da2ed9ad4fc612580d322
            • Instruction Fuzzy Hash: 2181BC72A24316CFDB25CF98D584BAEBBF5BB58310F15412EDA00AB285E774DE40CB94
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fb748c3a5514494fc432690a04a28bdafba2f5e65df118fe7eaf59ff4b42a599
            • Instruction ID: 8686aee338bea6563674c42f9a52ecd36eeb020d575fe021d94be0cd42ecb355
            • Opcode Fuzzy Hash: fb748c3a5514494fc432690a04a28bdafba2f5e65df118fe7eaf59ff4b42a599
            • Instruction Fuzzy Hash: 90712C71E2021AEFDF16DF94C885FEEBBB8FB04350F104119EA54A7290E774AA05CB90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 413e0687462081ee4aeecbed7fe4bb4c08cdfbe1159aae6651cc6265dfa901a7
            • Instruction ID: 7d7821d529e01bdaf37085bad621aa14f833d4f34210ce6951fb98ad5cd9d2c1
            • Opcode Fuzzy Hash: 413e0687462081ee4aeecbed7fe4bb4c08cdfbe1159aae6651cc6265dfa901a7
            • Instruction Fuzzy Hash: F151B072524756AFD722DE68C884E6BF7E9EBC4B50F014A2DBB40DB150E670ED04C7A2
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9a7d6732dd358fdc99d3e660fd248ceccbfe60f4f4645ffb086bcbaddf220c2e
            • Instruction ID: 13d30137da3d27e353daf6559e70d9c1f9eac628bfc0c82eb1a631ecd679a08f
            • Opcode Fuzzy Hash: 9a7d6732dd358fdc99d3e660fd248ceccbfe60f4f4645ffb086bcbaddf220c2e
            • Instruction Fuzzy Hash: 72519C70920706DBD721CF6AC8C0AABFBF8FF94750F10461EE29A576A0D7B0A945CB50
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 641cc6f6c0191088443b572ec148bb70f15007808934830e13706e218e9bfbce
            • Instruction ID: b166bb0387fc07ea795d079a3eda0b4fb53013f81e9cea913ea2849a44c06413
            • Opcode Fuzzy Hash: 641cc6f6c0191088443b572ec148bb70f15007808934830e13706e218e9bfbce
            • Instruction Fuzzy Hash: 56519F71220A16EFDB26EF69C980EAAB3FDFF58754F41046AE60197660D738ED40CB50
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9e9450d428ab503619d218f8fc696db03f5acbbae4d984c2d7182c15e7b6ed0d
            • Instruction ID: 5af5f40f0ac82914031393344117d8b2fa29431b8fb7a84b539ea451afe7bb26
            • Opcode Fuzzy Hash: 9e9450d428ab503619d218f8fc696db03f5acbbae4d984c2d7182c15e7b6ed0d
            • Instruction Fuzzy Hash: 575168716283829FD750EF29C8C1AABB7E5BFC8348F58492DF586C7251D730D9058B52
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction ID: 7b6d0a3b5d75adc3c223587f76e76d6ab563d9437ac840989f1f994e63ff2844
            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction Fuzzy Hash: F5518FB1E1025AAFDF16EF95C440BFEBBB9AF85350F0440A9EA05AB340D774D944CBA0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction ID: d448ed537cce5ced54262398f2a62dbebb9f9e555b4225789036cfe1a3c642e7
            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction Fuzzy Hash: C551C931D2021AEFEF11DF9CC8A1BAEBB75BF14314F164665DA1267290E7749D40C7A0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a2ccd13213c7a37248d7607576c09765c7461b170caef878967eced957f6f7fa
            • Instruction ID: 4e184f758190068123fa8ed1266328c7cc26770c199af20e08e347fa4d1270af
            • Opcode Fuzzy Hash: a2ccd13213c7a37248d7607576c09765c7461b170caef878967eced957f6f7fa
            • Instruction Fuzzy Hash: 6F41F5707256129BDB29DB2DC894F7FBBAAEF90620F048219EA55C72C1EB74D801C791
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fb8c978cd78d8fa8fd6688c740afc2e56256bb75e774fa90ac9e42e9668d2cf0
            • Instruction ID: e3dba6ef5fa6025a420d79397a4dcb82063506c3b8cd2cb91938890cf39c3366
            • Opcode Fuzzy Hash: fb8c978cd78d8fa8fd6688c740afc2e56256bb75e774fa90ac9e42e9668d2cf0
            • Instruction Fuzzy Hash: 57519FB191021ADFCF21DFADC9909AEBBF9FF58354B50451AD605A3708D730AE11CBA0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b60b9e955d0d0a1223b1b3271045668ba1c7c07026214ccaa32f14e44580a37
            • Instruction ID: 6e7605c7b40fcf79f4a745d64b8e62c1389cfd5f33573d753fb1531c38f850c7
            • Opcode Fuzzy Hash: 2b60b9e955d0d0a1223b1b3271045668ba1c7c07026214ccaa32f14e44580a37
            • Instruction Fuzzy Hash: 03412071761256DFCB2EEF69A891B3D37ACEB54708F00002DEE069B246D7B19810C750
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction ID: 88a206689858936c0c8843343455fb2081637b44089dc364505eb88516c08463
            • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction Fuzzy Hash: 2E410971620717AFCB25CF68C880E7AB7A9FF80210B04862EEA5687240EB70FC14C7D1
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c6cf3af9d15c36cae2f4ba467f6f54d7164da860c977458e745ae2f4e850a3e8
            • Instruction ID: db01ed6f22d1cb2dc35e309bf798e25647d9895057ea12f9e378c5086c3eb540
            • Opcode Fuzzy Hash: c6cf3af9d15c36cae2f4ba467f6f54d7164da860c977458e745ae2f4e850a3e8
            • Instruction Fuzzy Hash: 3041AD3592121ADBDB18DF98C440AEEBBB4FF48710F14816AFA15E7380D7759D81CBA8
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d13888e67304ea9e80f385208e19b0ced968f069406004d4fa25cde33ed370ee
            • Instruction ID: 90a67e5dffd55f159b00a129b540d3093900eed0c9e9f074ac5b48fc08a59240
            • Opcode Fuzzy Hash: d13888e67304ea9e80f385208e19b0ced968f069406004d4fa25cde33ed370ee
            • Instruction Fuzzy Hash: AE41E7B12243069FDB25DF28C884A6BB7E9FF88214F014C2AE667C3715DB71E858CB50
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction ID: 9ecd7317b0d652e536034ba1df065b167b77bc8b2a11519e271e946f5c3cd062
            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction Fuzzy Hash: 10517E75A11216CFDB15DF5CC480AADF7B2FF84710F1481AAD916A7391DB70AE41CB90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a36707218009b7b4e84405b4b34867a7568c951b86b4923d2c72700565d1d42e
            • Instruction ID: c74364b4bd6a798992a121b98b5171522a48b3234cf4fc4a3a0920969f57ef29
            • Opcode Fuzzy Hash: a36707218009b7b4e84405b4b34867a7568c951b86b4923d2c72700565d1d42e
            • Instruction Fuzzy Hash: A351E4B0920217DBDB26CB28CC01BFDBBF1EF25314F1482A9E625A76D9D7B45981CB40
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 93e37269f02fb40ac38b479bc3e0b20079593f0fbd5ed9de4226b97adb1f6e7a
            • Instruction ID: 8b9bbc0db6905ffffda5f96f30a184f7664fd33391566c5a1210f031084de741
            • Opcode Fuzzy Hash: 93e37269f02fb40ac38b479bc3e0b20079593f0fbd5ed9de4226b97adb1f6e7a
            • Instruction Fuzzy Hash: 91418275A20229DBDB21DF6CC940BEE77B8EF65750F0100A5EA08AB281D7749EC1CF95
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction ID: a9970ed05e58a682150c0ecdaea3a3110035438e92c27b79ec0fa8dcab24d11b
            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction Fuzzy Hash: 7641D475B20206AFEB15DF99CC85ABFBBBAAF88350F154069EA00E7341D670DD40C7A0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ba9654e8d3919f9685a0a28a0bfabc731666fe7961fdcc3f13e65ff65f2ec964
            • Instruction ID: e47d76f816e61a5a682a1dce6f9a14b89d0a3fd51af8d79f59620a8519f4120f
            • Opcode Fuzzy Hash: ba9654e8d3919f9685a0a28a0bfabc731666fe7961fdcc3f13e65ff65f2ec964
            • Instruction Fuzzy Hash: 4C41F8B0620702DFE725CF28C490A26B7F9FF58314B108A6DE64787A58E771F895CB94
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7195d67196e7e26997f87b99b9c8ebfc2409231bc5dd773f73d9ad2a2c757ffb
            • Instruction ID: ee5252377dc2e25dfc9600c02ec3a78c5bda345e1cc39b323c0adb66824041e3
            • Opcode Fuzzy Hash: 7195d67196e7e26997f87b99b9c8ebfc2409231bc5dd773f73d9ad2a2c757ffb
            • Instruction Fuzzy Hash: 3B410371924205CFDB22DF68E8957EE7BF4FB98310F0401AAD611E72D1DB759A04CB60
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 48031a5fa9e2804543b3b264ba1d904c465b57644ec916c91a86db902a196a8e
            • Instruction ID: be929365cce92c67c24490bbe5707c5355f8b05d5708324d221ceb9d679a8c32
            • Opcode Fuzzy Hash: 48031a5fa9e2804543b3b264ba1d904c465b57644ec916c91a86db902a196a8e
            • Instruction Fuzzy Hash: 60410731921202DBD729DF58C8C0A6ABBF9FFA4704F14812EE6015B259D775D941CF90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5c25f2be6789a1d171db7b13f8c487459d8ae2bfb6d5c45b13a3c47dc18b3977
            • Instruction ID: c449444d08eee1b2726845c31a1b2eda0d0542f0019a949fd04845fbb672c263
            • Opcode Fuzzy Hash: 5c25f2be6789a1d171db7b13f8c487459d8ae2bfb6d5c45b13a3c47dc18b3977
            • Instruction Fuzzy Hash: CC4185715283469ED312EF64C841A6BF7E9EF84B54F40092AFA44D7290E774DE448BD3
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction ID: d092752182c732d2177ed4d79b538a52b6edeaf80c81b47237dd8a1c97ea4ae4
            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction Fuzzy Hash: CE414B31B20316DBEB12DF1884407BAB766EB50750F55816AFB45CB2C2D6738DC0C790
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a7f2f844ad93130bef900bbc4ff4c45e0179119dee6d663c0b8bb309e534c1a2
            • Instruction ID: b5ca06f81efebd1420b540264bc35ec301b59aa9be0972ea316bd84bfbb33731
            • Opcode Fuzzy Hash: a7f2f844ad93130bef900bbc4ff4c45e0179119dee6d663c0b8bb309e534c1a2
            • Instruction Fuzzy Hash: 22418E72620702EFD721CF18C840B26BBF5FF64714F20856AE649CB255E771E981CB94
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction ID: 39e314bb507b08032c4678921c2926ddff121a1c31ba3390d42f708f55a54004
            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction Fuzzy Hash: 7B415071A10705EFDB28CF98C980AAABBF4FF18700B10496DE656D7691E370EA84CF55
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dfb4a62331a9a772fa108d6bb6c16ab8b6456104ce4a83021d5dc9ce86048f2b
            • Instruction ID: 5d7b9bf1e409b8cdfcb4f557d39e074e4c9115edcf58d3cc989984b425cd68ff
            • Opcode Fuzzy Hash: dfb4a62331a9a772fa108d6bb6c16ab8b6456104ce4a83021d5dc9ce86048f2b
            • Instruction Fuzzy Hash: 3C4125B0521305CFCB26EF28D90172ABBF5FF64314F208569D5169B2E9DB309941CF40
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d1b6a3979f9f47cc145876ff422ccfa620c91bdd568f5d30f90079cdede1f6ef
            • Instruction ID: f5241caf341ec562bf19a719003d2b00d7b0443a91430cc40c0d19404db3988a
            • Opcode Fuzzy Hash: d1b6a3979f9f47cc145876ff422ccfa620c91bdd568f5d30f90079cdede1f6ef
            • Instruction Fuzzy Hash: 89319CB2911256EFDB15DF5CC4407A9BBF0EB08714F2085AED119EB291D3329902CB90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d90b4fafdd5d8c272db87b89883c9df64b513e41cd5aeeced704bc7b67406650
            • Instruction ID: 48d238dc40a36c937b6c2a6e244ebd69d5e1cb97e563d3782b72e42eafefe9d2
            • Opcode Fuzzy Hash: d90b4fafdd5d8c272db87b89883c9df64b513e41cd5aeeced704bc7b67406650
            • Instruction Fuzzy Hash: CB419DB1614345AFD760DF29C845BABBBE8FF88754F004A2EFA98C7251D7709844CB92
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 12345a6db00affdc4c81d63f82840e7adf4cca7e9e90b2707ffb8bd9af37a419
            • Instruction ID: 8253174cf615b63a9784da2d21acc2ca7fbab570d491459083a9a34e9038e6d0
            • Opcode Fuzzy Hash: 12345a6db00affdc4c81d63f82840e7adf4cca7e9e90b2707ffb8bd9af37a419
            • Instruction Fuzzy Hash: 9541D071E24616EFDB02DF18C8806AAF7B5BF54760F248329D915A72C2D771ED418BD0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a12aa7ed8a0bdc0b760a45f14d61ae91e30c64be7495468efe9df74c0d3369e2
            • Instruction ID: 323214ef64553d81cc3da51f7d4af99cdec0fed66a27c1d3184e2d3e972faf9e
            • Opcode Fuzzy Hash: a12aa7ed8a0bdc0b760a45f14d61ae91e30c64be7495468efe9df74c0d3369e2
            • Instruction Fuzzy Hash: 0141C4725146469FC720DF6CD840A7AB7E9FFC8700F144629FA54D7680E730E904C7AA
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fdf11868dd531cc33f08d14ed24bed821f5b4cf63980b672a30e0e6c190e575b
            • Instruction ID: 712bc0afc6b3f79f39c179c893f2d331cce92c88d816cb84b2175d2b2cb9c158
            • Opcode Fuzzy Hash: fdf11868dd531cc33f08d14ed24bed821f5b4cf63980b672a30e0e6c190e575b
            • Instruction Fuzzy Hash: 934119702203428FD725EF1CD854B3ABBEAFFA0760F14442DE6498B299D770D811CB51
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7793d8e0400cb8843d34fc86c1f6b2d52ac41902f493ff5a3c4892cdbc06423b
            • Instruction ID: c2a4ac5cc2c159818cc49bccdd12965a971ae1df84ece561aafd1dec6f983874
            • Opcode Fuzzy Hash: 7793d8e0400cb8843d34fc86c1f6b2d52ac41902f493ff5a3c4892cdbc06423b
            • Instruction Fuzzy Hash: 1541A371E21605CFCB16DF69C9809AEBBF1FF98320B10862ED566E72D2D7349941CB40
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction ID: f69610382259029dce290188a069b5d96668b08fa5f4ba0a1e97e002a3b59724
            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction Fuzzy Hash: 85311832A24255BFDB12DB68CC44BEFBFE9AF14350F044165F855D7352C6B49844CBA8
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2acde31cf93f9ba4a78b8208bc7518770e9cc8339b21b89a8e92d2897d8f315e
            • Instruction ID: b810601c217fe54d6bacaf30b9ea52958d86c2b1604ab80554b199d5bcf6b110
            • Opcode Fuzzy Hash: 2acde31cf93f9ba4a78b8208bc7518770e9cc8339b21b89a8e92d2897d8f315e
            • Instruction Fuzzy Hash: D131BC75760716ABD726AF658C81FFF76B5EB58B50F010025F600AB391DAB8DC00C7A0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f2eef94f508fdccfbbf0fa989d5a30132d9a20347b61492373572d50824b3932
            • Instruction ID: 7f084f4e0236cc74872b6982c160ff5fa3f302e4e3ba72510e33a47655c267b5
            • Opcode Fuzzy Hash: f2eef94f508fdccfbbf0fa989d5a30132d9a20347b61492373572d50824b3932
            • Instruction Fuzzy Hash: 48312672614252CFC321EF1DD8A1E2BB7E9FF80720F09416EEA558B225D731E910CB80
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b4af53b188024c125164d4e34a5d079262dbfc55902e52ff44843e23e5cec06f
            • Instruction ID: 49d0fd855b998077a2a12d963cfadf38fe7fb169ca34d7bf68fc25b7cb6b8430
            • Opcode Fuzzy Hash: b4af53b188024c125164d4e34a5d079262dbfc55902e52ff44843e23e5cec06f
            • Instruction Fuzzy Hash: AE41D132220B46DFC726DF28C881FEB7BE9BF59314F108429E6598B250D774E804CB94
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 08856b36a445b3e828a3e664e381f69ec4d83c4762b60beacd639a83688b3fa7
            • Instruction ID: 14931e5e3f9e67028222114d844e199c32650e32ff1d7899a2e7e6e2cf237d83
            • Opcode Fuzzy Hash: 08856b36a445b3e828a3e664e381f69ec4d83c4762b60beacd639a83688b3fa7
            • Instruction Fuzzy Hash: 1F31CF716242428FD324EF28C8A1A2BB7E5FB84B10F05462DFB558B265E730EE10CB91
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dc19f8c366d6c61cb0350cf4845b84594e1b3ff194d7f01f458640f38000ab4e
            • Instruction ID: a46b3c44ba16cdfbc595fc73a8d0c3def401a1ee26a4f34b8c0b4445fc9a24e1
            • Opcode Fuzzy Hash: dc19f8c366d6c61cb0350cf4845b84594e1b3ff194d7f01f458640f38000ab4e
            • Instruction Fuzzy Hash: 7E31F5317226D7ABF322B75DCD48B297BD8BF45744F1E00A0EB458B6D2EB68D840C225
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 21fb81e15307b68a635a3994439f5162cf128d4009d54ab20c83157771d66265
            • Instruction ID: 4af3ee3d8129b698184df39bed4fc624cb0c5f1976c15d9d2a71e71cd726ba3c
            • Opcode Fuzzy Hash: 21fb81e15307b68a635a3994439f5162cf128d4009d54ab20c83157771d66265
            • Instruction Fuzzy Hash: EC310175A1025AABDB15DF98CC84FBEF7B9FB48B40F104168EA00AB244D770ED40CBA0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 90defac850f49fd8d69193107432cba37dd670b035c00476b9feaef2d2611dce
            • Instruction ID: 75f6e404ac7228fa7f1fe40f0416e2577dd871a03c7735fa5f58e029a1554a90
            • Opcode Fuzzy Hash: 90defac850f49fd8d69193107432cba37dd670b035c00476b9feaef2d2611dce
            • Instruction Fuzzy Hash: 8F317336A5016DABCF21EF54DCC4BDEBBF9AB98350F1000A5E909A7251CB30DE918F90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f6decd658612a291c02895bfae839293535a24d69573cf652771412e23f864b9
            • Instruction ID: 75f0b4181f0b18c46012578c90abd26239d236fec67e82f074f0a4626b5614df
            • Opcode Fuzzy Hash: f6decd658612a291c02895bfae839293535a24d69573cf652771412e23f864b9
            • Instruction Fuzzy Hash: 8631C972E20216AFDB22DFA9CD40AAFBBF9FF44750F014425E515D7250E2709E048BA0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fa2be5c2604ddfb61646ec723b682508d33e681952a28c9e964db3b83caca2b8
            • Instruction ID: 676fd2d12db101d3e91b3e24247df0af3e3c41e0842c147fd1f629a41bdcb882
            • Opcode Fuzzy Hash: fa2be5c2604ddfb61646ec723b682508d33e681952a28c9e964db3b83caca2b8
            • Instruction Fuzzy Hash: 5431C071A20616EFDB229FA9C850B7EB7F9BF44754F044069E605EB382DA70DD018B90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fc59e7d240234de2fafd06ee7706e47e36c06ee73eda33fe658c0b1afcaa38e6
            • Instruction ID: 90fe9791efdb0100580c6acbe066ed743350bd92987eb7542720b9a91b615d3a
            • Opcode Fuzzy Hash: fc59e7d240234de2fafd06ee7706e47e36c06ee73eda33fe658c0b1afcaa38e6
            • Instruction Fuzzy Hash: BA310872A28312DBC712DE288840A7FBBE6AFA4650F024529FD5597349DA30DC5187D5
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 631f3d84170824c0d63f88e26b763e120816f384139ee6a1b57c4e0fb169b6f2
            • Instruction ID: 33d24eab778c2f62d8c265c608e5ea3c2082edcfa46a9865590b66de99f0bf0e
            • Opcode Fuzzy Hash: 631f3d84170824c0d63f88e26b763e120816f384139ee6a1b57c4e0fb169b6f2
            • Instruction Fuzzy Hash: D53180B1629302DFE721CF19C840B2BBBE5FBA8710F05496DEA8497395D770E844CBA1
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
            • Instruction ID: c79d75ed4516aa25fc2a446bac56b61570bafce9c380a4356a53302ae2bf8de2
            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
            • Instruction Fuzzy Hash: B8312EB2B61701AFD779CF69CD41B5BBBF8AB08650F04452DA65BC3651E670E900CB50
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2cddd12c73d5df3bd847e49aa0a007a54604f69739be72767daa173bc3d45831
            • Instruction ID: eb6020207035c4a63d2968bfb2a5822fea9d54dd38c705801d335925aa7e2c4a
            • Opcode Fuzzy Hash: 2cddd12c73d5df3bd847e49aa0a007a54604f69739be72767daa173bc3d45831
            • Instruction Fuzzy Hash: 0931EDB1525302DFC712DF19C4809AABBF1FF89758F0589AEE5889B351E331E944CB82
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 21b6a4f153d60c48065db34544c9372e9c71091c2ea0793636757634fcce17e2
            • Instruction ID: a9ec12611e1d96a85d55d2fc2dccec071210da3cce686cd31c9235c8eb251aec
            • Opcode Fuzzy Hash: 21b6a4f153d60c48065db34544c9372e9c71091c2ea0793636757634fcce17e2
            • Instruction Fuzzy Hash: 6B31E2B2B202869FD720EFB8C981A6EBBF9EBD4704F00847AD605D7254D734D941CB90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
            • Instruction ID: 1a9f5cb0f32bba6090c47d4da15fd82fefa8eb4dbb8da1a3ed98cc02316b8fac
            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
            • Instruction Fuzzy Hash: 59213672E6125BAADB01DBB9C801BBFBBB9AF15740F0581759E15F7380E270C95087A0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bf3afaef8a52213edec0267cd0551b229c1f53084e1d5a30a3d9d11ce18fa41b
            • Instruction ID: 1f909a97457dd9a0db27aac34db5ed6a46c57fb4e3fde2e9e587e3d0a8e95cee
            • Opcode Fuzzy Hash: bf3afaef8a52213edec0267cd0551b229c1f53084e1d5a30a3d9d11ce18fa41b
            • Instruction Fuzzy Hash: F8318BB16202199BD736AF58CC41B7877B8FF50314F4481A9DA859B3C6DA78DCC2CB90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
            • Instruction ID: 9d554ffe9bd30d29685e874cb5977f11ec659954e1c61d590987c7462630035e
            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
            • Instruction Fuzzy Hash: 5F21203A610E52B7CB25AB958810ABAFB74EF40B10F40C11EFB9987A51E634D950C360
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 55d7eb9840fa32855f0b419de8e946a7d4019a4662508bd223716257b87c90b8
            • Instruction ID: 7f0fe6ad5723001a458a02133dd29320394d2134e6e6564f092076062a9362c9
            • Opcode Fuzzy Hash: 55d7eb9840fa32855f0b419de8e946a7d4019a4662508bd223716257b87c90b8
            • Instruction Fuzzy Hash: FD310A31A2012D9BDB32DF18DC41FEEB7B9EB15740F0209A1E645A72D1D6B49EC08FA0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
            • Instruction ID: c27963c7d1bf1dc63bb67f4fc2ab0a81ff2c916c139d7aeb8b1698921d305b6b
            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
            • Instruction Fuzzy Hash: F9219F32A10649EFCB19EF58D980A9EBBB9FF48314F108069EE159F241D670EA058B90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 51052269597ed1bfc93968c3e6fa2978e1be320a5789392fc4ccb9e0651c7dc5
            • Instruction ID: 902856030ca4d9d784da0f46e105457870effe76208e902dedc97e99fb057395
            • Opcode Fuzzy Hash: 51052269597ed1bfc93968c3e6fa2978e1be320a5789392fc4ccb9e0651c7dc5
            • Instruction Fuzzy Hash: BD21D4725247869BCB25EF18D440F6B77E4FB98760F004519FD449B640D730D9018BD1
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction ID: 7fd50368bab2721bfd6e7654e473aed447a21ba7ca9318f28e8403d44a5d0625
            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction Fuzzy Hash: B8319E31620609EFD722CF68C984F6AB7B9FF45354F114AA9E6518B281E770ED41CB50
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 964abd51b7ac95784f44dccf2769a3110f87149459fe2d9359ff2d6e3dd90ad9
            • Instruction ID: faa4e4d0c6a80fa5da632c5acf5ec85fdf2aff3ebea7b5400b1473c5f26ed2d6
            • Opcode Fuzzy Hash: 964abd51b7ac95784f44dccf2769a3110f87149459fe2d9359ff2d6e3dd90ad9
            • Instruction Fuzzy Hash: 2431DFB5620216DFCB15EF0CC8949AEB7F5FF84308B16845AE8099B3D1E771EA50CB90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 73e2c0eb65edd98cbe3f8363a082bf1f44378d065a5585346552a74474deb764
            • Instruction ID: c28b37107d8a0105fbaa7085ef77970d458b1b019d6b585df5e657135db87e58
            • Opcode Fuzzy Hash: 73e2c0eb65edd98cbe3f8363a082bf1f44378d065a5585346552a74474deb764
            • Instruction Fuzzy Hash: 4821807591012AABCF25DF59C881ABEB7F8FF48750F50006AF941A7240D778AD41CBA4
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0e1c024629e2ebd9a1b102347afc80da7f4fee31e6d9d8ac408ef37f0d395208
            • Instruction ID: 61ed4a5b92a9531b11e1e38bee5446ecdba9858ff491d909a5a810677ddb280c
            • Opcode Fuzzy Hash: 0e1c024629e2ebd9a1b102347afc80da7f4fee31e6d9d8ac408ef37f0d395208
            • Instruction Fuzzy Hash: 26219C71A10659BFDB15DB6DC880F6AB7B8FF48740F140069FA04D7691D678ED40CB68
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f8e723820e862100910b66748e559a943fc5f2774448b4727dfcb153660b51c4
            • Instruction ID: 4ca9f6a9fde393f3985af696ac12beee4ccdfe41e33d3015815c510eb2f40dfb
            • Opcode Fuzzy Hash: f8e723820e862100910b66748e559a943fc5f2774448b4727dfcb153660b51c4
            • Instruction Fuzzy Hash: EC21D37291434A9BDB11EF5DC844B6FBBDCAF91240F0804A6BE84C7251D734C904C7A9
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: af38572f5cce95e998a6863f743479a1b0b6138519f5c6ba1ef1950584b34bd7
            • Instruction ID: 53372c332f8db493fb6e4649641b7d95566c0fb07bd34a81c34e5390fecd135e
            • Opcode Fuzzy Hash: af38572f5cce95e998a6863f743479a1b0b6138519f5c6ba1ef1950584b34bd7
            • Instruction Fuzzy Hash: 0D21F971635682EBE722976C8C04B293B95BF85774F280360FB209B6E2D7B8C8418250
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7a6637f2f64f4bc6a726269b8b79e7b6f794c7ced7c2e3b1f1398c9a28f44e16
            • Instruction ID: 0bf443d7f9aad311cb1d0c6678a0e79ab15d1aae7391de57afca252baccccf75
            • Opcode Fuzzy Hash: 7a6637f2f64f4bc6a726269b8b79e7b6f794c7ced7c2e3b1f1398c9a28f44e16
            • Instruction Fuzzy Hash: 9521BE75261611AFC729EF29CC01B5677F5FF08B04F148468E50ACB762E375E942CB94
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ab26b3e295ee53f11f788a2de4235875890213ac7b49b1bc19bada67f95445bd
            • Instruction ID: 1db27a3292574a37cd273528ae60a8bbe1ce0643965f3f123010e7e68fa9329e
            • Opcode Fuzzy Hash: ab26b3e295ee53f11f788a2de4235875890213ac7b49b1bc19bada67f95445bd
            • Instruction Fuzzy Hash: F111E7726A0B15BBD3225595AC41F77B699DBE4FA0F11412CB718CB180FB70DC018795
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a2c765dfd3e1b822fa8e56b9f7ddf568f76c548952589200ea51fefee51041c5
            • Instruction ID: 01dbdbc246847ed99450b634c2d73c701ee0a5fcca6606ddacd10be1053b3020
            • Opcode Fuzzy Hash: a2c765dfd3e1b822fa8e56b9f7ddf568f76c548952589200ea51fefee51041c5
            • Instruction Fuzzy Hash: 8E2114B1E10209ABDB25DFAAD8909AEFBF8FF98B10F10012FE505A7244D7709941CF64
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction ID: c1372d0de2af0148ca2e81d42c68ddec83c0db4f2f3a6b8f64b7cc0937cec396
            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction Fuzzy Hash: 0C21AE72A1020AFFDF128F98CC40BAEBBB9EF48311F204415F910A7250D774ED508B50
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction ID: 33b85734a37752a4bd93cd26e69b7032d464fef684c577961e3dcc3b31bb25b8
            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction Fuzzy Hash: BB11E272610606BFD7269F54CC41FEABBB8EB80754F104029F7098B180D671ED84DB54
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 53cd3936d6ed50bfc6f7a6556479a19e08a511fa38868d8ef000df3fcddf35fa
            • Instruction ID: 986c69816d58920cc189235fae5ab7503b4d0520c519ec3a77936ff7155a4ff5
            • Opcode Fuzzy Hash: 53cd3936d6ed50bfc6f7a6556479a19e08a511fa38868d8ef000df3fcddf35fa
            • Instruction Fuzzy Hash: EC11C8767206169BDB15CF4DC4C0926BBE5EF66754B29406DEE089F308D6B2D902C790
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 272c34e41dc48676afa352c777aa0234ccf53791dcaf32baf1f9ccd8677cb286
            • Instruction ID: 85a706ad3c1da94c35d5061f123d8bd0632c5807daa611bc5c67bd1ed4e4ff67
            • Opcode Fuzzy Hash: 272c34e41dc48676afa352c777aa0234ccf53791dcaf32baf1f9ccd8677cb286
            • Instruction Fuzzy Hash: 84218B72A1020ADFCB14CF98C581AAEBBF5FB89318F20416DD205AB314CB71AD06CB90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0b55205fd85eecc0a53c5caf6daf55dd9043fd8a7e68b08e1b01d14f20fec164
            • Instruction ID: db2990bf762a46877eb4f51d45cc13d59937c82a06f1397d9b23e7d8cc2252dc
            • Opcode Fuzzy Hash: 0b55205fd85eecc0a53c5caf6daf55dd9043fd8a7e68b08e1b01d14f20fec164
            • Instruction Fuzzy Hash: 49219D75620A01EFD729DF69C881F76B7F8FF85350F00882DE69AC7250DA71A950CB60
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: deaf08609c850d2dc5e2058e8c27c8ba957abec3bde85489823dd0d329e92ae8
            • Instruction ID: ba7734c7a4a4bcfce76377d933e759a715bf091a1840a991618e4d9e665a522f
            • Opcode Fuzzy Hash: deaf08609c850d2dc5e2058e8c27c8ba957abec3bde85489823dd0d329e92ae8
            • Instruction Fuzzy Hash: BF11E332260616EFC722CB9DC940FAA77A8EF99B60F454025F201DB250EB70EC05CB90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bac4882cb174c412444e4814217eddbbba9093cd3a1f25e7c866ca295da380d2
            • Instruction ID: 377155b824d2e068467db19659860d73b1fa8f375172e181b61cddbb8b9d3ed8
            • Opcode Fuzzy Hash: bac4882cb174c412444e4814217eddbbba9093cd3a1f25e7c866ca295da380d2
            • Instruction Fuzzy Hash: A3116F773241119FCB1ADB28CD41A3F72A6DFD5774B264529D522CB291E9309C05C390
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9ee78fe581bd55562e181b6c97fc20dbad7e799d12dc40c8081e378d865b4eee
            • Instruction ID: 5f9b5c8ea72b56f376d166e1e173f92d9e567e1ae524ea2519c6d73d033e3567
            • Opcode Fuzzy Hash: 9ee78fe581bd55562e181b6c97fc20dbad7e799d12dc40c8081e378d865b4eee
            • Instruction Fuzzy Hash: 8411E3B6A21216EFCB2ECF59C580A5ABBF8EF85710F05807ADA059B315E674DD00CB90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction ID: 3820225a895637abeaf875bd93211ceae62401e9d62ffca865faa9c54d21e390
            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction Fuzzy Hash: 12110436A1091AAFDB19CB58C801FADBBF5FF84210F058269E84597340E675AD41CB80
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction ID: 8f46c242cfca6a3a2a3b1e80e105af6ae643551bc21d98711a46bb342d120d66
            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction Fuzzy Hash: 54118F71620602EBEF21DB8CC840B667BAAFF55754F068468EA099F160DB71DC40DB90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 14b4b4a5ed2cfb99bb520a6db1e2d8d94f4e33b3c74d84d1175119f8cbe61cc0
            • Instruction ID: 7da7163212158cf40bf6db75bf7a9a1d7358ebd6606511b20fd42112795d9039
            • Opcode Fuzzy Hash: 14b4b4a5ed2cfb99bb520a6db1e2d8d94f4e33b3c74d84d1175119f8cbe61cc0
            • Instruction Fuzzy Hash: 8501D671735646AFE316A66EDC85F3B6B9CFF80764F090065FA008B291D964DC00C2B1
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7fd65563c619bbbaf7e7ecb5c7a1e800b549c359530134020095f2581a3ef02e
            • Instruction ID: 6ef8b6632218fa69d990d187ee9b9385d107c807ff4a3bda820f8d577ec62231
            • Opcode Fuzzy Hash: 7fd65563c619bbbaf7e7ecb5c7a1e800b549c359530134020095f2581a3ef02e
            • Instruction Fuzzy Hash: 8A11E935260785AFD729EF59D844F567BE4EBA6B64F044119FA0887258C770F842CF60
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 196272065a13a827df56e4e2088ab9d51ddd038eff6684830e29b376c997b637
            • Instruction ID: 9afcc0cc83be150d2efbc5a04e3995b08347f9704c02a9e43aaad72de7ae992b
            • Opcode Fuzzy Hash: 196272065a13a827df56e4e2088ab9d51ddd038eff6684830e29b376c997b637
            • Instruction Fuzzy Hash: C11129326206529FDB22EA29D848F27B7E5FFC4710F95441DEB46C7250FA30E802C790
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b308a38f6a15896699cca42dec329cc03b44c253f37d7496265f0ddce9a1cc8d
            • Instruction ID: 961795ad0cf5ebc8b063dbbb0fc7868a7b2173446c2d40465d7d2b6327a1e234
            • Opcode Fuzzy Hash: b308a38f6a15896699cca42dec329cc03b44c253f37d7496265f0ddce9a1cc8d
            • Instruction Fuzzy Hash: D111E572A10716AFDB26DF59C980B6EFBF8FF89750F500055EA01A7200D739AD058B50
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9b881e6c9ef4500321860b8372664c85df27748d1fd92d06db67fae10032808a
            • Instruction ID: 21ee876ab7d06d2a0fef55aea1647771cc62807fc1dfb99e039e7e6b2fa17333
            • Opcode Fuzzy Hash: 9b881e6c9ef4500321860b8372664c85df27748d1fd92d06db67fae10032808a
            • Instruction Fuzzy Hash: 290192B551010A9FC726DB19D458F26BBF9FBD5318F22816AE1058B264D7B0AC4ACF90
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction ID: 682daad34802c71c267ab269fc59ba14898dd9bc4e15acbe03fb1c3992a375a5
            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction Fuzzy Hash: 2511E5B26396C3DBE723972CDA44B263BD4BB41744F1A00A0DF5187683F378C842C251
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction ID: 35c2eab5f8258dfa2418fc92c2fb1ac0b0efaaf1c551cc3ceb62f798c0c992fb
            • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction Fuzzy Hash: 5CE09B317503568BCB25CA1FC145A63BBE8DF95660F558079EE0547612C2B1F853C6D4
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f712a2b3b867e8a9291078297ee76a1f5809b271d45073c8e8fca8e2a787f7e4
            • Instruction ID: 51dde2cc8eafa08c65dcf455ddbf481112e7fb801c920239d8e60913156653d2
            • Opcode Fuzzy Hash: f712a2b3b867e8a9291078297ee76a1f5809b271d45073c8e8fca8e2a787f7e4
            • Instruction Fuzzy Hash: 60E09272110594ABC322FF29DD11FAA7BDAEB74370F114515F11557194CB34A810C7C4
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction ID: 05f6a422c7411fbb5fac9cf36439dfd3b5856a941e69b56bbaac12140b18962f
            • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction Fuzzy Hash: F6E09231030652DFE7366F2AD848B66BAE0FF50B11F148C2CE296124B0D77598C1CA40
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction ID: 3b76fbc401d750ff70e2fc0685ce217b7f88cd782d556018def631642ae165cb
            • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction Fuzzy Hash: 0DE0C2343103468FEB19DF1DC140B627BB6BFD5A10F28C068AA488F205EB32E843CB40
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 97389cfbb9b071707249a191b5eca59daf1cfcc9a332354c53eaf14125a91b7d
            • Instruction ID: c111557ba9c8d5066ef0c51ffd38bac6a1b9c17bcdb0ae892404bc923bd47f09
            • Opcode Fuzzy Hash: 97389cfbb9b071707249a191b5eca59daf1cfcc9a332354c53eaf14125a91b7d
            • Instruction Fuzzy Hash: A2D0C2325A20316BCB2AE91D7C04FE33A9D9B50620F018861F20892011D564CC9183D4
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction ID: adcbd4c7736a6aa48b9060cebe316ff9cba8eb68f10950f47cd3ffba59bfbb76
            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction Fuzzy Hash: 3BE0C231970A61EFDB332F15DC00F6276A5FF58B20F104A29E181064E5D7B4AC81CB44
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a421286d80fb283f0db0e315d7544437e654960cc289da2be08bc956f0f7c5ff
            • Instruction ID: b16dd9c5665da0fec9dddba328999a535d3964410535373567e6922ceb270af2
            • Opcode Fuzzy Hash: a421286d80fb283f0db0e315d7544437e654960cc289da2be08bc956f0f7c5ff
            • Instruction Fuzzy Hash: CBE08C321104A4ABC212FA5DDD11F6A77DEEBB8370F100221F15487698CA24AC00C794
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction ID: 6e7bb0875386450f91d732c4593830fa9a9dcbd962d3b7775c7151a07a44212b
            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction Fuzzy Hash: D3D05E36521A50EFC3329F1BEA00C17BBF9FBC8A20705062EE54583920C674AC46CBA0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction ID: df1dd568eedda5c12e74ab578ed00292c57550ebfb31457f784ef7f81709c62b
            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction Fuzzy Hash: ABD0A932224620ABDB32AA1CFC00FE333E8BB8C720F060459F008C7090C368AC81CA84
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
            • Instruction ID: d170f7c65bba18d0d225cd87f2a1f83e27ebeb6bfe9c96251b2279281da1cf3c
            • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
            • Instruction Fuzzy Hash: 4FE0EC35961685ABDF12EF59CA40F5EBBF5BB94B40F1A0054E5185B660C668AD01CB40
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction ID: 0de50f76c81b87ef76153245d961560bcad51de2b5324efdc49b02968e92d1b6
            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction Fuzzy Hash: ACD02232232031A3CB2A9A556800F67A906AB84AA0F0A022CB50AA3840C0088C42C2E0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction ID: 451bf4ac26905e06cdddcdcdff878732d4b4bb91497c514e1df6f199496f505d
            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction Fuzzy Hash: BFD012371E055DBBCB11DF66DC01FA57BA9E768BA0F444020F504875A0C63EE950D684
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 49fb24f1553f37f7e905a84a6a930507bbeddeea1f66fda96a60d79eb91155ac
            • Instruction ID: b67385b6cb4e3e1e2e30508f641153f2bbf51ec05c81ed0721e36ed96bc20d00
            • Opcode Fuzzy Hash: 49fb24f1553f37f7e905a84a6a930507bbeddeea1f66fda96a60d79eb91155ac
            • Instruction Fuzzy Hash: 39D092396765269BDF2AEF5DCA21A7E7AB4EF18650B800068E701A2560E369D8218A50
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction ID: b2d7dad620b43d126c07282813ae6127fe466b77b4a8a5c305efab590d4a7b13
            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction Fuzzy Hash: BBD0C935222E81DFD61BCF1DC5A5B1A33A4FB45B44F810591F501CBB22D67CD940CA04
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction ID: 7f30ef94a36fff345a639b3d2bf28159f0d1841bd2be268bb3ac4bb0a94ff200
            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction Fuzzy Hash: 37C012322A0648AFC712EE99CD01F167BA9EBACB50F000021F2048B670C639E820EA84
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction ID: 75ebe332bce1ebcc5abac6af06ff2de478eada06d2efa8bd166746a99b45e83b
            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction Fuzzy Hash: E0D01236110248EFCB01DF45C890DAA772AFBD8710F108019FD19076108A31ED62DA50
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction ID: 083d83a1976f387b9de109416914d3c0ef5e217dc169bf1892c28f8e4774bcb0
            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction Fuzzy Hash: 49C04C797115428FCF15DB19D2D4F5977E4F744740F150890E905CB726E664E841CA10
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ec5d57c0652458e4c40526935580aa279a91b163562b3baea688a1efd41ec6dd
            • Instruction ID: 216c85d86722de97b28378f107e80c90b525cd91722aa2ff456012a7d6792190
            • Opcode Fuzzy Hash: ec5d57c0652458e4c40526935580aa279a91b163562b3baea688a1efd41ec6dd
            • Instruction Fuzzy Hash: 6B9002716159005291407158488454A4009A7E0301B55C011E5424558CCA148E965361
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a110d8fa24bb37d38e1c9224f3333a6df36f4a84811956aa032741634c04ae6a
            • Instruction ID: ba648ee62c90909cb4a3457771ace22f5e1de84a48928695b632f07794a36ea0
            • Opcode Fuzzy Hash: a110d8fa24bb37d38e1c9224f3333a6df36f4a84811956aa032741634c04ae6a
            • Instruction Fuzzy Hash: 199002A16116008241407158480440A6009A7E1301395C115A5554564CC6188D959369
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d83bda1979ddc01d40bb147fad0ee235645b253f88c01249398a3f92ea4d6669
            • Instruction ID: 53dcbb4890904f016ee4f0539649c143fddaa8278edb106abb9c9c44b814cb31
            • Opcode Fuzzy Hash: d83bda1979ddc01d40bb147fad0ee235645b253f88c01249398a3f92ea4d6669
            • Instruction Fuzzy Hash: EF9002A12125004341057158441461A400E97E0201B55C021E6014594DC5258DD16225
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f51361c11d97b7053dfdd109c4f1f3be2726dd779fb33265013414d2f920faa6
            • Instruction ID: 8dbb1a5768576064cc388c0cd5d808211413ae99912d7935268674986e111877
            • Opcode Fuzzy Hash: f51361c11d97b7053dfdd109c4f1f3be2726dd779fb33265013414d2f920faa6
            • Instruction Fuzzy Hash: BC90027161550842D1507158441474A000997D0301F55C011A5024658DC7558F9577A1
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 225229f74e903f2e8e3dd972a0bbe92a89c3ccb5a166609e9e94bdb826774e4e
            • Instruction ID: 23e68618a2ae67265561767dcc19f2d5e3b19ab7da74965100a572139562c51e
            • Opcode Fuzzy Hash: 225229f74e903f2e8e3dd972a0bbe92a89c3ccb5a166609e9e94bdb826774e4e
            • Instruction Fuzzy Hash: 8F90027121150842D1047158480468A000997D0301F55C011AB024659ED6658DD17231
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ceaf5a0b9343468c5659e9fed5c201896c8a54ad40ebbe1cab83d8183db81f91
            • Instruction ID: 89a23bfbf271b489e98b8ae0f115a63716687da53f2b52e8b11e50cbc1a81230
            • Opcode Fuzzy Hash: ceaf5a0b9343468c5659e9fed5c201896c8a54ad40ebbe1cab83d8183db81f91
            • Instruction Fuzzy Hash: 8890027121554882D14071584404A4A001997D0305F55C011A5064698DD6258E95B761
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 76886ea9cede22f079f545f7a7d84f8c8db491c0143ae584fd21707958516aab
            • Instruction ID: db812905a5b41fd888c32bcc979080b9215e6427d89973b7b4ab1b1b4789aa25
            • Opcode Fuzzy Hash: 76886ea9cede22f079f545f7a7d84f8c8db491c0143ae584fd21707958516aab
            • Instruction Fuzzy Hash: EB90027121150842D1807158440464E000997D1301F95C015A5025658DCA158F9977A1
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 12c7cad0e95354f6976e6787784cfeafb30e7685ac941ce98b7682bdfdd42047
            • Instruction ID: ff7135328451a8e3d723faffae49eef8f43415c4ba3cebbbaa06d30b6059ad6e
            • Opcode Fuzzy Hash: 12c7cad0e95354f6976e6787784cfeafb30e7685ac941ce98b7682bdfdd42047
            • Instruction Fuzzy Hash: 009002E1211640D24500B2588404B0E450997E0201B55C016E6054564CC5258D919235
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 02c75be9dbb46f569cec74702a84357d4c3f1a3e7f75ecb54ca5b904dc58c783
            • Instruction ID: 913fc2cffd3ea42a13ce2988a2f9a3ddc33d35141eac1cd4f6d1bd1bb008ec48
            • Opcode Fuzzy Hash: 02c75be9dbb46f569cec74702a84357d4c3f1a3e7f75ecb54ca5b904dc58c783
            • Instruction Fuzzy Hash: 56900265231500420145B558060450F0449A7D6351395C015F6416594CC6218DA55321
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 03fa441899f3a9fd11f6f383629f8f9cdc5ec143d5b21c105d612774e939d8af
            • Instruction ID: ba585cc0716d66b67e9cdefb4e353ed98b1ea7b947100f322fc606edc7bc71e6
            • Opcode Fuzzy Hash: 03fa441899f3a9fd11f6f383629f8f9cdc5ec143d5b21c105d612774e939d8af
            • Instruction Fuzzy Hash: C5900475331500430105F55C070450F004FD7D5351355C031F7015554CD731CDF15331
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e535766c23133896e4b97851dcfd15ee3ceec49e7d29d09c80ea1b4d89a04ef6
            • Instruction ID: 96daeb55f54cc993eed074d2411785761fc5a74f4ff10004e67e716ed72ef66b
            • Opcode Fuzzy Hash: e535766c23133896e4b97851dcfd15ee3ceec49e7d29d09c80ea1b4d89a04ef6
            • Instruction Fuzzy Hash: D990026131150043D1407158541860A4009E7E1301F55D011E5414558CD9158D965322
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 11aea6089e04d4b56e239bfce18668cda3158c8754d3c053d3e222ee8b5cd1a6
            • Instruction ID: 7b92731911e61b806650aa5b81a38c3e6638825680c3cfa4b05eed8cb5436f83
            • Opcode Fuzzy Hash: 11aea6089e04d4b56e239bfce18668cda3158c8754d3c053d3e222ee8b5cd1a6
            • Instruction Fuzzy Hash: 0890026121554482D10075585408A0A000997D0205F55D011A6064599DC6358D91A231
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 167df9a54080ddc71b7c0a40c8bb029c1388fed1e692366092b1cf5db386222a
            • Instruction ID: 5daac14894dd0c21b74314169dc7f377b44fb4b20b74a28d588f94c787afab37
            • Opcode Fuzzy Hash: 167df9a54080ddc71b7c0a40c8bb029c1388fed1e692366092b1cf5db386222a
            • Instruction Fuzzy Hash: 8090026922350042D1807158540860E000997D1202F95D415A501555CCC9158DA95321
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b6027067e862f455fc83d2b298b75742d69445daf6aebd65e9a07f78f7e348ed
            • Instruction ID: 18797e50daf0df3a54c5cbbe882454b8ceb673177aa159c3f2286bc50b4e4e77
            • Opcode Fuzzy Hash: b6027067e862f455fc83d2b298b75742d69445daf6aebd65e9a07f78f7e348ed
            • Instruction Fuzzy Hash: 3990027125150442D1417158440460A000DA7D0241F95C012A5424558EC6558F96AB61
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3af2ce12d57aebb3e048713c3578360cecf79c1a8f4c6914d74ca2163f5b91ab
            • Instruction ID: 52a23264dabbc4b018969e5ae02bb122c724e97f24f5bafe79a4b24ca8f2e446
            • Opcode Fuzzy Hash: 3af2ce12d57aebb3e048713c3578360cecf79c1a8f4c6914d74ca2163f5b91ab
            • Instruction Fuzzy Hash: B9900261252541925545B158440450B400AA7E0241795C012A6414954CC5269D96D721
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3212777293cff5a7efabfc456bded67f2837a115ea3ba5adaeeb2fec5fd497df
            • Instruction ID: 4efda5384280d7adb30473ccc0bd369dc2b4c2a088641c8fb35b5df2b5187a4a
            • Opcode Fuzzy Hash: 3212777293cff5a7efabfc456bded67f2837a115ea3ba5adaeeb2fec5fd497df
            • Instruction Fuzzy Hash: C990027121150882D10071584404B4A000997E0301F55C016A5124658DC615CD917621
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 265d192879d02d6a85b1dbe8b8d25a0e96a9d314521490e03d72335ddac8128d
            • Instruction ID: 2421918ad524549274c5b173578f7221ffd6ff103f56670bfad72f401d162dee
            • Opcode Fuzzy Hash: 265d192879d02d6a85b1dbe8b8d25a0e96a9d314521490e03d72335ddac8128d
            • Instruction Fuzzy Hash: FB90027121158842D1107158840474E000997D0301F59C411A942465CDC6958DD17221
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e32ba194ae3cbf60933feb53028a171ce6e4990c3ba553768ee0c57b6537e0c1
            • Instruction ID: c5a44ecb7876af57ad21561f2f8fa5310f0d99b84be7ebc3f40831c05bfe7f85
            • Opcode Fuzzy Hash: e32ba194ae3cbf60933feb53028a171ce6e4990c3ba553768ee0c57b6537e0c1
            • Instruction Fuzzy Hash: 6990027121150442D1007598540864A000997E0301F55D011AA024559EC6658DD16231
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ff891f515c0cf1d431bfe9e930ece561df2d31e4e0d4a45b4cac8ab4bcf44aa6
            • Instruction ID: 3554002edf68a9abcff9403c63f399ef21f299aaba8a25be296aa6e1af27f64c
            • Opcode Fuzzy Hash: ff891f515c0cf1d431bfe9e930ece561df2d31e4e0d4a45b4cac8ab4bcf44aa6
            • Instruction Fuzzy Hash: 2D90047131150443D100715C550C70F000DD7D0301F55D411F543455CDD757CDD17331
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: 791a1af263e20ae3bd609712f335c5752ad5e523cb559d6125f33af323f2d876
            • Instruction ID: 91caa3499c2b9921afbe61d6bf2d0a7ae3ec2df3398b3d4cb587cb243f15c637
            • Opcode Fuzzy Hash: 791a1af263e20ae3bd609712f335c5752ad5e523cb559d6125f33af323f2d876
            • Instruction Fuzzy Hash: 6C51E4B6A24117EFCB55DB9C89C097EFBB8BB08240714822AE965D7681D774DE4087A0
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: f72a8d943ff2fc3a9713c4c7b502db07eadef5c42461372ada01cf4b2625f133
            • Instruction ID: d07549efe902843016ce86fe5393f1c662a40d0e44994c7d0ae4b8b50af5d66e
            • Opcode Fuzzy Hash: f72a8d943ff2fc3a9713c4c7b502db07eadef5c42461372ada01cf4b2625f133
            • Instruction Fuzzy Hash: AF512775A20646EFCB35CF5CC88087FFBF8EF54640B00855EE696D3682DAB0DA408760
            Strings
            • Execute=1, xrefs: 01284713
            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01284787
            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01284655
            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01284742
            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 012846FC
            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01284725
            • ExecuteOptions, xrefs: 012846A0
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
            • API String ID: 0-484625025
            • Opcode ID: 036ff1d12e8a1155b3184a2653dd19e3d4beaaa71ddc87573f37ead2dc05f6d5
            • Instruction ID: 9f98f5f4e352539d1c0bb7352ef6f35aba5f407ec29c1bdf07aed5c73bb94b10
            • Opcode Fuzzy Hash: 036ff1d12e8a1155b3184a2653dd19e3d4beaaa71ddc87573f37ead2dc05f6d5
            • Instruction Fuzzy Hash: 14511731A2025ABFEF29FAA9DC85FBE77ADEF14304F040099DA15A71C1E7709A458F50
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-$0$0
            • API String ID: 1302938615-699404926
            • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
            • Instruction ID: 965fae88967aa7fadc35bdd36069122d66030802a5581f9db81579636264533e
            • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
            • Instruction Fuzzy Hash: 2081B071E3524A9EEF698E6CC8D17FEBBA3AF45320F184159DE61A72D1C7348840CB61
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$[$]:%u
            • API String ID: 48624451-2819853543
            • Opcode ID: 35717cb591807c0ceefe2e352e70bce730c5e3f3097253c6998d0c77c8a13ef6
            • Instruction ID: ef8bdc331abf2e8becac08c53d3b91aa55f73e734053b32764cbc1de0976da45
            • Opcode Fuzzy Hash: 35717cb591807c0ceefe2e352e70bce730c5e3f3097253c6998d0c77c8a13ef6
            • Instruction Fuzzy Hash: 1C21567AA2011ADBDB11DE69CC409BEBBFCEF94644F04021AEB05E3241EB7099018BA1
            Strings
            • RTL: Re-Waiting, xrefs: 0128031E
            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 012802BD
            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 012802E7
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
            • API String ID: 0-2474120054
            • Opcode ID: ce37508cc50e673b578b619774a104218380df3ebc3d313aea85388db081e879
            • Instruction ID: b4a70c3381872435b62e74c12e36ae947324f20944fb368f5ee2b3c77e222440
            • Opcode Fuzzy Hash: ce37508cc50e673b578b619774a104218380df3ebc3d313aea85388db081e879
            • Instruction Fuzzy Hash: B9E1C070A24742DFE725DF28D985B2ABBE0BB84314F140A5DF6A5CB2E1D774D848CB42
            Strings
            • RTL: Re-Waiting, xrefs: 01287BAC
            • RTL: Resource at %p, xrefs: 01287B8E
            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01287B7F
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 0-871070163
            • Opcode ID: 90368266ec6ff1e0b28ccdefc3f9eb90a065b132e1dcfefe9489f3d9c485d833
            • Instruction ID: ce1506990bcc5a6e3c606231fffc95f86057350ff48b9df0261326957ffd7537
            • Opcode Fuzzy Hash: 90368266ec6ff1e0b28ccdefc3f9eb90a065b132e1dcfefe9489f3d9c485d833
            • Instruction Fuzzy Hash: 434124357217039FDB29DE29C941B2AB7E5EF98710F100A1DFA5ADB280DB71E805CB91
            APIs
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0128728C
            Strings
            • RTL: Re-Waiting, xrefs: 012872C1
            • RTL: Resource at %p, xrefs: 012872A3
            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01287294
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 885266447-605551621
            • Opcode ID: 8ef667b6fc1bc89c31f5f162a7e16439d01b2ae6a114b9940b763231e7cf1165
            • Instruction ID: 9eacc0c29e6b1e76ec0d9e58eca6019f76b73e8e25c69745d8d04a1d92be8c8c
            • Opcode Fuzzy Hash: 8ef667b6fc1bc89c31f5f162a7e16439d01b2ae6a114b9940b763231e7cf1165
            • Instruction Fuzzy Hash: CA41F035661203ABDB25EE29CC41B66BBA5FB94710F200619FE55EB280DB31E852CBD1
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$]:%u
            • API String ID: 48624451-3050659472
            • Opcode ID: d9575b2c52aafffbf42c29bb6013e9e059ccbd9d3d0eba2ce12c5fd6aa09f7e7
            • Instruction ID: 9341c93cd817b45b9d8f826b23555c4365af1e2b9301f4733848301bc386d4f9
            • Opcode Fuzzy Hash: d9575b2c52aafffbf42c29bb6013e9e059ccbd9d3d0eba2ce12c5fd6aa09f7e7
            • Instruction Fuzzy Hash: 3E315772620119DFDB21DF29DC40BFEB7F8FB54610F44459AEA49E3240EF309A549B60
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-
            • API String ID: 1302938615-2137968064
            • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
            • Instruction ID: 4ae0482b05ab8b2d6285d22830b62db03794b62640541450e3d49402d684f9cd
            • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
            • Instruction Fuzzy Hash: 9E91D270EA02079BEFA4DF6DC8C1ABEBBA5BF44320F94451AEE55E72C0E77089408711
            Strings
            Memory Dump Source
            • Source File: 00000006.00000002.2042820303.00000000011E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 011E0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_6_2_11e0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $$@
            • API String ID: 0-1194432280
            • Opcode ID: 94a65c59daebcc48f46851c736d1b79966e735a820168fa6a559fa1cc58ec16c
            • Instruction ID: 69cc35d6e7571ca55245ea9df21fd23d215e238bd75cb107da114d762d811b50
            • Opcode Fuzzy Hash: 94a65c59daebcc48f46851c736d1b79966e735a820168fa6a559fa1cc58ec16c
            • Instruction Fuzzy Hash: 8F812B71D1026ADBDB35CB54CC55BEEB7B8AB48714F0041EAEA19B7280D7709E84CFA4