Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PO STS_2184_06_2024.exe

Overview

General Information

Sample name:PO STS_2184_06_2024.exe
Analysis ID:1467073
MD5:f9a3edaa59e9e93035aea302cfdeca9a
SHA1:ad0e341a060b8e70aedbe56622d872066768dc3a
SHA256:0d7f81bf5df4bb53947a85f21d0e83dccd3e151b2fbabfc00bd2eb584a273f0b
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • PO STS_2184_06_2024.exe (PID: 3136 cmdline: "C:\Users\user\Desktop\PO STS_2184_06_2024.exe" MD5: F9A3EDAA59E9E93035AEA302CFDECA9A)
    • powershell.exe (PID: 5340 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RegSvcs.exe (PID: 1032 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2de43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x173f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000005.00000002.2630538405.0000000000D40000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000005.00000002.2630538405.0000000000D40000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2a8a0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x13e4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      Process Memory Space: PO STS_2184_06_2024.exe PID: 3136JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        5.2.RegSvcs.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          5.2.RegSvcs.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2d043:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x165f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          5.2.RegSvcs.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            5.2.RegSvcs.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2de43:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x173f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO STS_2184_06_2024.exe", ParentImage: C:\Users\user\Desktop\PO STS_2184_06_2024.exe, ParentProcessId: 3136, ParentProcessName: PO STS_2184_06_2024.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe", ProcessId: 5340, ProcessName: powershell.exe
            Sigma detected: Powershell Defender Exclusion
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO STS_2184_06_2024.exe", ParentImage: C:\Users\user\Desktop\PO STS_2184_06_2024.exe, ParentProcessId: 3136, ParentProcessName: PO STS_2184_06_2024.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe", ProcessId: 5340, ProcessName: powershell.exe
            Sigma detected: Non Interactive PowerShell Process Spawned
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO STS_2184_06_2024.exe", ParentImage: C:\Users\user\Desktop\PO STS_2184_06_2024.exe, ParentProcessId: 3136, ParentProcessName: PO STS_2184_06_2024.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe", ProcessId: 5340, ProcessName: powershell.exe

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for submitted file
            Source: PO STS_2184_06_2024.exeReversingLabs: Detection: 31%
            Yara detected FormBook
            Source: Yara matchFile source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2630538405.0000000000D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: PO STS_2184_06_2024.exeJoe Sandbox ML: detected

            Compliance

            barindex
            Detected unpacking (overwrites its own PE header)
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeUnpacked PE file: 0.2.PO STS_2184_06_2024.exe.850000.0.unpack
            Source: PO STS_2184_06_2024.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: PO STS_2184_06_2024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h0_2_04CE1AA0
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h0_2_04CE569D
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then push dword ptr [ebp-20h]0_2_04CE580C
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh0_2_04CE580C
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then push dword ptr [ebp-20h]0_2_04CE5818
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh0_2_04CE5818
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then xor edx, edx0_2_04CE5A65
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then xor edx, edx0_2_04CE5A70
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then push dword ptr [ebp-24h]0_2_04CE5B2D
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh0_2_04CE5B2D
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then push dword ptr [ebp-24h]0_2_04CE5B38
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh0_2_04CE5B38
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then mov ecx, dword ptr [ebp-38h]0_2_052BB798
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 4x nop then mov ecx, dword ptr [ebp-38h]0_2_052B9CFC
            Source: PO STS_2184_06_2024.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
            Source: PO STS_2184_06_2024.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
            Source: PO STS_2184_06_2024.exeString found in binary or memory: http://ocsp.comodoca.com0
            Source: PO STS_2184_06_2024.exe, 00000000.00000002.2186793071.0000000002C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: PO STS_2184_06_2024.exeString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2630538405.0000000000D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2630538405.0000000000D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            .NET source code contains very large array initializations
            Source: 0.2.PO STS_2184_06_2024.exe.4cc0000.10.raw.unpack, -Module-.csLarge array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: 0.2.PO STS_2184_06_2024.exe.2c9ab9c.2.raw.unpack, -Module-.csLarge array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess Stats: CPU usage > 49%
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0042B2F3 NtClose,5_2_0042B2F3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2B60 NtClose,LdrInitializeThunk,5_2_012E2B60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_012E2DF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_012E2C70
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E35C0 NtCreateMutant,LdrInitializeThunk,5_2_012E35C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E4340 NtSetContextThread,5_2_012E4340
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E4650 NtSuspendThread,5_2_012E4650
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2BA0 NtEnumerateValueKey,5_2_012E2BA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2B80 NtQueryInformationFile,5_2_012E2B80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2BE0 NtQueryValueKey,5_2_012E2BE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2BF0 NtAllocateVirtualMemory,5_2_012E2BF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2AB0 NtWaitForSingleObject,5_2_012E2AB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2AF0 NtWriteFile,5_2_012E2AF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2AD0 NtReadFile,5_2_012E2AD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2D30 NtUnmapViewOfSection,5_2_012E2D30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2D00 NtSetInformationFile,5_2_012E2D00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2D10 NtMapViewOfSection,5_2_012E2D10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2DB0 NtEnumerateKey,5_2_012E2DB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2DD0 NtDelayExecution,5_2_012E2DD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2C00 NtQueryInformationProcess,5_2_012E2C00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2C60 NtCreateKey,5_2_012E2C60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2CA0 NtQueryInformationToken,5_2_012E2CA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2CF0 NtOpenProcess,5_2_012E2CF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2CC0 NtQueryVirtualMemory,5_2_012E2CC0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2F30 NtCreateSection,5_2_012E2F30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2F60 NtCreateProcessEx,5_2_012E2F60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2FA0 NtQuerySection,5_2_012E2FA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2FB0 NtResumeThread,5_2_012E2FB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2F90 NtProtectVirtualMemory,5_2_012E2F90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2FE0 NtCreateFile,5_2_012E2FE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2E30 NtWriteVirtualMemory,5_2_012E2E30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2EA0 NtAdjustPrivilegesToken,5_2_012E2EA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2E80 NtReadVirtualMemory,5_2_012E2E80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2EE0 NtQueueApcThread,5_2_012E2EE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E3010 NtOpenDirectoryObject,5_2_012E3010
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E3090 NtSetValueKey,5_2_012E3090
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E39B0 NtGetContextThread,5_2_012E39B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E3D10 NtOpenProcessToken,5_2_012E3D10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E3D70 NtOpenThread,5_2_012E3D70
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB13780_2_02AB1378
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB26710_2_02AB2671
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB35980_2_02AB3598
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB1BD00_2_02AB1BD0
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB52F80_2_02AB52F8
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB12F00_2_02AB12F0
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB20D10_2_02AB20D1
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB57200_2_02AB5720
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB57300_2_02AB5730
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB34A10_2_02AB34A1
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB44600_2_02AB4460
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB44700_2_02AB4470
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB5B010_2_02AB5B01
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB5B100_2_02AB5B10
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB58E80_2_02AB58E8
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB58D80_2_02AB58D8
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB08D00_2_02AB08D0
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB4FE80_2_02AB4FE8
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB4FD90_2_02AB4FD9
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_02AB5D000_2_02AB5D00
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE24580_2_04CE2458
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE67C80_2_04CE67C8
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE71580_2_04CE7158
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CEACF00_2_04CEACF0
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE244F0_2_04CE244F
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE25EB0_2_04CE25EB
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE67B80_2_04CE67B8
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE00400_2_04CE0040
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CEE1C80_2_04CEE1C8
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CEE1D80_2_04CEE1D8
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE71480_2_04CE7148
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE01200_2_04CE0120
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE01300_2_04CE0130
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE02B10_2_04CE02B1
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE620A0_2_04CE620A
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE62180_2_04CE6218
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CEACE00_2_04CEACE0
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE0C6B0_2_04CE0C6B
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE0C780_2_04CE0C78
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE2D880_2_04CE2D88
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE2D980_2_04CE2D98
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CEDDA00_2_04CEDDA0
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CEF8800_2_04CEF880
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE29800_2_04CE2980
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CED9580_2_04CED958
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE4BC00_2_04CE4BC0
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE4BB00_2_04CE4BB0
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_052B8B4A0_2_052B8B4A
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_052B6B4C0_2_052B6B4C
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_052B8B580_2_052B8B58
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_004100135_2_00410013
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_004010EA5_2_004010EA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_004010F05_2_004010F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0040E0935_2_0040E093
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_004049455_2_00404945
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_004012A05_2_004012A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_00402B715_2_00402B71
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_004033105_2_00403310
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_00402B805_2_00402B80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_004014D05_2_004014D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_004024E05_2_004024E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0040FDF35_2_0040FDF3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0041675E5_2_0041675E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_004167635_2_00416763
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0042D7335_2_0042D733
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_00402F885_2_00402F88
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_00402F905_2_00402F90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A01005_2_012A0100
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134A1185_2_0134A118
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013381585_2_01338158
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013641A25_2_013641A2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013701AA5_2_013701AA
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013681CC5_2_013681CC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013420005_2_01342000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136A3525_2_0136A352
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013703E65_2_013703E6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BE3F05_2_012BE3F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013502745_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013302C05_2_013302C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B05355_2_012B0535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013705915_2_01370591
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013544205_2_01354420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013624465_2_01362446
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0135E4F65_2_0135E4F6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B07705_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D47505_2_012D4750
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AC7C05_2_012AC7C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CC6E05_2_012CC6E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C69625_2_012C6962
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A05_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0137A9A65_2_0137A9A6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BA8405_2_012BA840
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B28405_2_012B2840
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012968B85_2_012968B8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE8F05_2_012DE8F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136AB405_2_0136AB40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01366BD75_2_01366BD7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AEA805_2_012AEA80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BAD005_2_012BAD00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134CD1F5_2_0134CD1F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C8DBF5_2_012C8DBF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AADE05_2_012AADE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0C005_2_012B0C00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350CB55_2_01350CB5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A0CF25_2_012A0CF2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01352F305_2_01352F30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012F2F285_2_012F2F28
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D0F305_2_012D0F30
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01324F405_2_01324F40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132EFA05_2_0132EFA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BCFE05_2_012BCFE0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A2FC85_2_012A2FC8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136EE265_2_0136EE26
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0E595_2_012B0E59
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136CE935_2_0136CE93
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C2E905_2_012C2E90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136EEDB5_2_0136EEDB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E516C5_2_012E516C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129F1725_2_0129F172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0137B16B5_2_0137B16B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BB1B05_2_012BB1B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136F0E05_2_0136F0E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013670E95_2_013670E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B70C05_2_012B70C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0135F0CC5_2_0135F0CC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136132D5_2_0136132D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129D34C5_2_0129D34C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012F739A5_2_012F739A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B52A05_2_012B52A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013512ED5_2_013512ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CB2C05_2_012CB2C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013675715_2_01367571
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134D5B05_2_0134D5B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136F43F5_2_0136F43F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A14605_2_012A1460
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136F7B05_2_0136F7B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013616CC5_2_013616CC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013459105_2_01345910
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B99505_2_012B9950
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CB9505_2_012CB950
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131D8005_2_0131D800
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B38E05_2_012B38E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136FB765_2_0136FB76
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CFB805_2_012CFB80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01325BF05_2_01325BF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012EDBF95_2_012EDBF9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01323A6C5_2_01323A6C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01367A465_2_01367A46
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136FA495_2_0136FA49
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012F5AA05_2_012F5AA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01351AA35_2_01351AA3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134DAAC5_2_0134DAAC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0135DAC65_2_0135DAC6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01367D735_2_01367D73
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B3D405_2_012B3D40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01361D5A5_2_01361D5A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CFDC05_2_012CFDC0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01329C325_2_01329C32
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136FCF25_2_0136FCF2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136FF095_2_0136FF09
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136FFB15_2_0136FFB1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B1F925_2_012B1F92
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01273FD55_2_01273FD5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01273FD25_2_01273FD2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B9EB05_2_012B9EB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 0129B970 appears 280 times
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 012E5130 appears 58 times
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 012F7E54 appears 102 times
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 0132F290 appears 105 times
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 0131EA12 appears 86 times
            Source: PO STS_2184_06_2024.exeStatic PE information: invalid certificate
            Source: PO STS_2184_06_2024.exe, 00000000.00000002.2185411365.0000000000DEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PO STS_2184_06_2024.exe
            Source: PO STS_2184_06_2024.exe, 00000000.00000002.2201729243.0000000005310000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PO STS_2184_06_2024.exe
            Source: PO STS_2184_06_2024.exe, 00000000.00000002.2197738822.0000000004CC0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRT.dll. vs PO STS_2184_06_2024.exe
            Source: PO STS_2184_06_2024.exe, 00000000.00000000.2142957897.0000000000956000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAlqG.exe, vs PO STS_2184_06_2024.exe
            Source: PO STS_2184_06_2024.exe, 00000000.00000002.2186793071.0000000002C71000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRT.dll. vs PO STS_2184_06_2024.exe
            Source: PO STS_2184_06_2024.exeBinary or memory string: OriginalFilenameAlqG.exe, vs PO STS_2184_06_2024.exe
            Source: PO STS_2184_06_2024.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2630538405.0000000000D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: PO STS_2184_06_2024.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, mu7XGoSJWJCOu9AiPw.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, fCVoOaCipWKvGri6GG.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, fCVoOaCipWKvGri6GG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, fCVoOaCipWKvGri6GG.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, fCVoOaCipWKvGri6GG.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, fCVoOaCipWKvGri6GG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, fCVoOaCipWKvGri6GG.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, fCVoOaCipWKvGri6GG.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, fCVoOaCipWKvGri6GG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, fCVoOaCipWKvGri6GG.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, mu7XGoSJWJCOu9AiPw.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, mu7XGoSJWJCOu9AiPw.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.PO STS_2184_06_2024.exe.2f426e0.1.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
            Source: 0.2.PO STS_2184_06_2024.exe.2f618ac.4.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
            Source: 0.2.PO STS_2184_06_2024.exe.4d00000.12.raw.unpack, ReactionVessel.csSuspicious method names: .ReactionVessel.Inject
            Source: classification engineClassification label: mal100.troj.evad.winEXE@6/6@0/0
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO STS_2184_06_2024.exe.logJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3516:120:WilError_03
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4rgiecup.p4s.ps1Jump to behavior
            Source: PO STS_2184_06_2024.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: PO STS_2184_06_2024.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: PO STS_2184_06_2024.exeReversingLabs: Detection: 31%
            Source: unknownProcess created: C:\Users\user\Desktop\PO STS_2184_06_2024.exe "C:\Users\user\Desktop\PO STS_2184_06_2024.exe"
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe"Jump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"Jump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: PO STS_2184_06_2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: PO STS_2184_06_2024.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: PO STS_2184_06_2024.exeStatic file information: File size 1101320 > 1048576
            Source: PO STS_2184_06_2024.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x103000
            Source: PO STS_2184_06_2024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: RegSvcs.exe, 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp

            Data Obfuscation

            barindex
            Detected unpacking (changes PE section rights)
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeUnpacked PE file: 0.2.PO STS_2184_06_2024.exe.850000.0.unpack .text:ER;.rsrc:R;.reloc:R; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:R;
            Detected unpacking (overwrites its own PE header)
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeUnpacked PE file: 0.2.PO STS_2184_06_2024.exe.850000.0.unpack
            .NET source code contains potential unpacker
            Source: 0.2.PO STS_2184_06_2024.exe.4cc0000.10.raw.unpack, -Module-.cs.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO STS_2184_06_2024.exe.4cc0000.10.raw.unpack, PingPong.cs.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, fCVoOaCipWKvGri6GG.cs.Net Code: YDdGB0QSNY System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, fCVoOaCipWKvGri6GG.cs.Net Code: YDdGB0QSNY System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO STS_2184_06_2024.exe.2c9ab9c.2.raw.unpack, -Module-.cs.Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO STS_2184_06_2024.exe.2c9ab9c.2.raw.unpack, PingPong.cs.Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, fCVoOaCipWKvGri6GG.cs.Net Code: YDdGB0QSNY System.Reflection.Assembly.Load(byte[])
            Source: PO STS_2184_06_2024.exeStatic PE information: 0xF73DDA15 [Sun Jun 12 13:24:37 2101 UTC]
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_008523C2 push ebx; retf 0_2_008523C3
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE04E8 push esp; ret 0_2_04CE04E9
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_04CE0E81 push 8BBCEB50h; ret 0_2_04CE0E87
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_052B2610 pushfd ; ret 0_2_052B261E
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_052BEFA0 pushfd ; ret 0_2_052BEFAE
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeCode function: 0_2_052BCEE4 push ebp; retf 0_2_052BCEE5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_00407913 push es; retf 5_2_00407919
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0040A9F2 push edi; retf 5_2_0040A9F9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_00402181 pushad ; iretd 5_2_004021BB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0041EA53 pushad ; retf 5_2_0041EA6D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0041A349 push edx; retf 5_2_0041A359
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_00407BD1 push 0000003Fh; ret 5_2_00407BD3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0040C40D push esp; ret 5_2_0040C412
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0041A424 push esp; iretd 5_2_0041A425
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0042C543 push esi; retf 5_2_0042C586
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_004035A0 push eax; ret 5_2_004035A2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_00404E01 push esi; ret 5_2_00404E02
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_004016CF push es; retf 5_2_0040170B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_004116EF push ebx; ret 5_2_004116FB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0041E6A8 push ebp; ret 5_2_0041E6B1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_00401722 push es; retf 5_2_0040170B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0040CF94 push ecx; retf 5_2_0040CF95
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0127225F pushad ; ret 5_2_012727F9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012727FA pushad ; ret 5_2_012727F9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A09AD push ecx; mov dword ptr [esp], ecx5_2_012A09B6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0127283D push eax; iretd 5_2_01272858
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01271368 push eax; iretd 5_2_01271369
            Source: PO STS_2184_06_2024.exeStatic PE information: section name: .text entropy: 7.937755379167963
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, NHYrlRWa4QED1A3uRc.csHigh entropy of concatenated method names: 'Js7JXVRowI', 'AOGJjMNLLR', 'ut3JGUZRYC', 'PsdJ9XE0Ff', 'DOWJ4d82qW', 'fA8Jy4jKwL', 'vGAJ55eYGj', 'KkaNne70BD', 'QDcNU7g5g2', 'CslN6U3kbs'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, Bwb2kBvwJk4lRjQS4A.csHigh entropy of concatenated method names: 'bGxIScHxlv', 'ECwI7LiVMf', 'r45IYkXwLh', 'egOIFRD37j', 'qq9IfWsS7O', 'sVHIZtsH7P', 'u1CI8JjtwM', 'pRMIxOFKd8', 'h2aIKDiT95', 'AduIqpGLyG'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, GVClg8UldPcKLrtdsM.csHigh entropy of concatenated method names: 'IDAN9NMPdG', 'TK5N4OTviw', 'QaHNsaegBV', 'slCNywQPF0', 'euaN5WJ8Hm', 'Y1NN2TfG08', 'z2SNCjIJwe', 'sjgNeRMugh', 'GpoNVCoFJR', 'V6tN09sQdg'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, tFCbtNXMUNdn3TpUVV1.csHigh entropy of concatenated method names: 'hUFbDagLY6', 'wlibgOAR1J', 'hNObBJadkV', 'NfEbIuawv6bsg4btP3v', 'PltxUrak7oGd2YMgW2Z', 'zVGT3Faef400pqfS9y8'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, bfqGFh4XjUuREdrLfN.csHigh entropy of concatenated method names: 'Dispose', 'wQOX67vQ7R', 'ElZMF2UGPw', 'XtxXXKmtTO', 'TYVXWClg8l', 'QPcXzKLrtd', 'ProcessDialogKey', 'gMmM3ITGoU', 'S4ZMXDhZMZ', 'Nc2MMKHYrl'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, TITGoU614ZDhZMZKc2.csHigh entropy of concatenated method names: 'SkuNYgcKcd', 'bnXNFk62jv', 'WisNh78exJ', 'De7NfgS7iC', 'm5INds7GEu', 'qEpNZfN606', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, fCVoOaCipWKvGri6GG.csHigh entropy of concatenated method names: 'Ao3jrvHEx4', 'bhdj9J7PWw', 'nchj4Txfsx', 'oWNjsysXaL', 'L0ZjyVwNCj', 'qOBj51cxXn', 'xb2j2loijj', 'SWojC2FII6', 'dyEjeotMRx', 'exFjVPTZ3X'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, mu7XGoSJWJCOu9AiPw.csHigh entropy of concatenated method names: 'iWF4dMtUtj', 'eQZ4lIcFaP', 'Vhs417ZboQ', 'K9R4mo3LUY', 'ypR4cW4ZgC', 'f0c4EAYdco', 'iI54nHn9G3', 'EBW4Uwho8D', 'dKR46MHbgR', 'y1b4WvdeIN'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, FhqdRJYZ86nRBlcJwP.csHigh entropy of concatenated method names: 'dQQ5rVtpNC', 'xyO54qFPd3', 'tfs5yt92j8', 'rWo52bvTke', 'unI5Cnivbp', 'hyOycSEiCJ', 'px5yEm0Eo3', 'iAryncrArg', 'cQ2yUqEhLa', 'SDWy6VaeGC'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, npnWs27o7xJpTP31xy.csHigh entropy of concatenated method names: 'dvEsOlTcel', 'OdIsuohovJ', 'he5sSyrDoC', 'L6Ds7BMWEE', 'yHTsHdO3b8', 'u33sp00H1u', 'uHJsiH6Lfe', 'T7isNkoU9D', 'e2asJcHX41', 'agQsbTI9mo'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, wnh9CZQm2EteRVOnDj.csHigh entropy of concatenated method names: 'Fhu2Dcvhy7', 'V0Z2gYBpbb', 'AlD2BDZYNM', 'tN92OH3GZV', 'mnd2kUIAH6', 'Jy92uNIPND', 'LhV2ArJwFr', 'vVK2S0M5NL', 'fk02751kuH', 'udM2o5c22e'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, LerMGmMoMad9YBayEs.csHigh entropy of concatenated method names: 'vNgBZvsn2', 'XMFOG6qop', 'RIUu5ELuQ', 'JO8A6ZTQM', 'yk57kpNy5', 'V2jovtOcK', 'iMus9F2tpIryv9UonK', 'z0giEJZ0yuQjfdcerA', 'yX9NpwZwE', 'ObcbYuCnx'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, K2EBysX3tIMPkdTWCKD.csHigh entropy of concatenated method names: 'z8hJDK9Hrd', 'hkgJgwqTq9', 'ihLJBWw5Xr', 'nYWJOs7jrR', 'kWwJkYiC2D', 'lGFJuGbyi2', 'O5wJArkfQX', 'XNbJSLiwya', 'wwUJ7QVJZP', 'fAgJoVVE1I'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, dHpQGpsLESwpNDrI7m.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'FCoM6giE3v', 'ug5MWdY1aw', 'sgbMzNvyKk', 'BHxj3CxTcq', 'S5qjXVK09R', 'm8UjMslJF0', 'kgQjjOgLqK', 'dxFrpgO5hsflr6U122l'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, uLkiIyEIc7a5QJYcSE.csHigh entropy of concatenated method names: 'kmdiUPqr6I', 'DB3iW4yegc', 'HSuN35sNp8', 'HN7NXfP7iW', 'PeriqGZZ8y', 'M1liLCb8Yx', 'uKEivbD43E', 'nZbidAH5fK', 'cxhilLW4ML', 'MZGi1bqhBT'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, oglEhUm3uvyKpd2Kr4.csHigh entropy of concatenated method names: 'HG5iVRL1Z3', 'N1yi0ywkOe', 'ToString', 'NmDi9PC7R4', 'f24i4UsGWd', 'reCispgPBY', 'aJviyXE7bq', 'lxEi5VoU9p', 'Lbai29Nuje', 'xa6iCKQWSk'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, dELb50dvlK7JNtBH8e.csHigh entropy of concatenated method names: 'BieHK1i89d', 'yPLHLybFpM', 'T7wHdLK6Nh', 'Ne5Hlcq6oQ', 'qiDHFrSKyh', 'pMOHhmuQ8q', 'rhhHfmSrhx', 'B12HZYnTRS', 'z6wHPlYvhq', 'ghTH8Q1gOZ'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, SWBDQtGxgSHnKETHR0.csHigh entropy of concatenated method names: 'ePVX2u7XGo', 'rWJXCCOu9A', 'jo7XVxJpTP', 'a1xX0yOMpy', 'GESXH42ohq', 'QRJXpZ86nR', 'IOTrMNfwK72pEtZP9P', 'BqxGWUiPWDhMGRPpB4', 'oHwXXThwYy', 'DXDXj4QRs8'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, vwJSCeXjqyws8fjiNGU.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uWAbdQkxak', 'EefblocrC6', 'Fbnb1dbmW1', 'FmubmqMr1Z', 'ygdbcCeemg', 'QnrbES1Li0', 'Km0bnG9EKR'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, y5wtWv8XyG3cr3dEf3.csHigh entropy of concatenated method names: 'r6C29BIwPS', 'OvK2sNxr9U', 'Mge25QPHle', 'qm35WgD5fi', 'hai5zyYhLD', 'hbe23DkXIC', 'Ut12XJJyuG', 'JFW2MpY9qR', 'raT2jG4gmn', 'Iml2GDBcBE'
            Source: 0.2.PO STS_2184_06_2024.exe.40898e8.9.raw.unpack, AMpyycoU8gJMYYES42.csHigh entropy of concatenated method names: 'k84ykt88Hu', 'eGHyAyilZb', 'J7IshRyrkV', 'rYisfNfXZ1', 'shasZoVXXE', 'muQsPIxlCY', 'ITSs8N6aPp', 'GVSsxQ65ty', 'Rh5sQEEslO', 'rs0sKGdC96'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, NHYrlRWa4QED1A3uRc.csHigh entropy of concatenated method names: 'Js7JXVRowI', 'AOGJjMNLLR', 'ut3JGUZRYC', 'PsdJ9XE0Ff', 'DOWJ4d82qW', 'fA8Jy4jKwL', 'vGAJ55eYGj', 'KkaNne70BD', 'QDcNU7g5g2', 'CslN6U3kbs'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, Bwb2kBvwJk4lRjQS4A.csHigh entropy of concatenated method names: 'bGxIScHxlv', 'ECwI7LiVMf', 'r45IYkXwLh', 'egOIFRD37j', 'qq9IfWsS7O', 'sVHIZtsH7P', 'u1CI8JjtwM', 'pRMIxOFKd8', 'h2aIKDiT95', 'AduIqpGLyG'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, GVClg8UldPcKLrtdsM.csHigh entropy of concatenated method names: 'IDAN9NMPdG', 'TK5N4OTviw', 'QaHNsaegBV', 'slCNywQPF0', 'euaN5WJ8Hm', 'Y1NN2TfG08', 'z2SNCjIJwe', 'sjgNeRMugh', 'GpoNVCoFJR', 'V6tN09sQdg'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, tFCbtNXMUNdn3TpUVV1.csHigh entropy of concatenated method names: 'hUFbDagLY6', 'wlibgOAR1J', 'hNObBJadkV', 'NfEbIuawv6bsg4btP3v', 'PltxUrak7oGd2YMgW2Z', 'zVGT3Faef400pqfS9y8'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, bfqGFh4XjUuREdrLfN.csHigh entropy of concatenated method names: 'Dispose', 'wQOX67vQ7R', 'ElZMF2UGPw', 'XtxXXKmtTO', 'TYVXWClg8l', 'QPcXzKLrtd', 'ProcessDialogKey', 'gMmM3ITGoU', 'S4ZMXDhZMZ', 'Nc2MMKHYrl'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, TITGoU614ZDhZMZKc2.csHigh entropy of concatenated method names: 'SkuNYgcKcd', 'bnXNFk62jv', 'WisNh78exJ', 'De7NfgS7iC', 'm5INds7GEu', 'qEpNZfN606', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, fCVoOaCipWKvGri6GG.csHigh entropy of concatenated method names: 'Ao3jrvHEx4', 'bhdj9J7PWw', 'nchj4Txfsx', 'oWNjsysXaL', 'L0ZjyVwNCj', 'qOBj51cxXn', 'xb2j2loijj', 'SWojC2FII6', 'dyEjeotMRx', 'exFjVPTZ3X'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, mu7XGoSJWJCOu9AiPw.csHigh entropy of concatenated method names: 'iWF4dMtUtj', 'eQZ4lIcFaP', 'Vhs417ZboQ', 'K9R4mo3LUY', 'ypR4cW4ZgC', 'f0c4EAYdco', 'iI54nHn9G3', 'EBW4Uwho8D', 'dKR46MHbgR', 'y1b4WvdeIN'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, FhqdRJYZ86nRBlcJwP.csHigh entropy of concatenated method names: 'dQQ5rVtpNC', 'xyO54qFPd3', 'tfs5yt92j8', 'rWo52bvTke', 'unI5Cnivbp', 'hyOycSEiCJ', 'px5yEm0Eo3', 'iAryncrArg', 'cQ2yUqEhLa', 'SDWy6VaeGC'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, npnWs27o7xJpTP31xy.csHigh entropy of concatenated method names: 'dvEsOlTcel', 'OdIsuohovJ', 'he5sSyrDoC', 'L6Ds7BMWEE', 'yHTsHdO3b8', 'u33sp00H1u', 'uHJsiH6Lfe', 'T7isNkoU9D', 'e2asJcHX41', 'agQsbTI9mo'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, wnh9CZQm2EteRVOnDj.csHigh entropy of concatenated method names: 'Fhu2Dcvhy7', 'V0Z2gYBpbb', 'AlD2BDZYNM', 'tN92OH3GZV', 'mnd2kUIAH6', 'Jy92uNIPND', 'LhV2ArJwFr', 'vVK2S0M5NL', 'fk02751kuH', 'udM2o5c22e'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, LerMGmMoMad9YBayEs.csHigh entropy of concatenated method names: 'vNgBZvsn2', 'XMFOG6qop', 'RIUu5ELuQ', 'JO8A6ZTQM', 'yk57kpNy5', 'V2jovtOcK', 'iMus9F2tpIryv9UonK', 'z0giEJZ0yuQjfdcerA', 'yX9NpwZwE', 'ObcbYuCnx'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, K2EBysX3tIMPkdTWCKD.csHigh entropy of concatenated method names: 'z8hJDK9Hrd', 'hkgJgwqTq9', 'ihLJBWw5Xr', 'nYWJOs7jrR', 'kWwJkYiC2D', 'lGFJuGbyi2', 'O5wJArkfQX', 'XNbJSLiwya', 'wwUJ7QVJZP', 'fAgJoVVE1I'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, dHpQGpsLESwpNDrI7m.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'FCoM6giE3v', 'ug5MWdY1aw', 'sgbMzNvyKk', 'BHxj3CxTcq', 'S5qjXVK09R', 'm8UjMslJF0', 'kgQjjOgLqK', 'dxFrpgO5hsflr6U122l'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, uLkiIyEIc7a5QJYcSE.csHigh entropy of concatenated method names: 'kmdiUPqr6I', 'DB3iW4yegc', 'HSuN35sNp8', 'HN7NXfP7iW', 'PeriqGZZ8y', 'M1liLCb8Yx', 'uKEivbD43E', 'nZbidAH5fK', 'cxhilLW4ML', 'MZGi1bqhBT'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, oglEhUm3uvyKpd2Kr4.csHigh entropy of concatenated method names: 'HG5iVRL1Z3', 'N1yi0ywkOe', 'ToString', 'NmDi9PC7R4', 'f24i4UsGWd', 'reCispgPBY', 'aJviyXE7bq', 'lxEi5VoU9p', 'Lbai29Nuje', 'xa6iCKQWSk'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, dELb50dvlK7JNtBH8e.csHigh entropy of concatenated method names: 'BieHK1i89d', 'yPLHLybFpM', 'T7wHdLK6Nh', 'Ne5Hlcq6oQ', 'qiDHFrSKyh', 'pMOHhmuQ8q', 'rhhHfmSrhx', 'B12HZYnTRS', 'z6wHPlYvhq', 'ghTH8Q1gOZ'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, SWBDQtGxgSHnKETHR0.csHigh entropy of concatenated method names: 'ePVX2u7XGo', 'rWJXCCOu9A', 'jo7XVxJpTP', 'a1xX0yOMpy', 'GESXH42ohq', 'QRJXpZ86nR', 'IOTrMNfwK72pEtZP9P', 'BqxGWUiPWDhMGRPpB4', 'oHwXXThwYy', 'DXDXj4QRs8'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, vwJSCeXjqyws8fjiNGU.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uWAbdQkxak', 'EefblocrC6', 'Fbnb1dbmW1', 'FmubmqMr1Z', 'ygdbcCeemg', 'QnrbES1Li0', 'Km0bnG9EKR'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, y5wtWv8XyG3cr3dEf3.csHigh entropy of concatenated method names: 'r6C29BIwPS', 'OvK2sNxr9U', 'Mge25QPHle', 'qm35WgD5fi', 'hai5zyYhLD', 'hbe23DkXIC', 'Ut12XJJyuG', 'JFW2MpY9qR', 'raT2jG4gmn', 'Iml2GDBcBE'
            Source: 0.2.PO STS_2184_06_2024.exe.5310000.13.raw.unpack, AMpyycoU8gJMYYES42.csHigh entropy of concatenated method names: 'k84ykt88Hu', 'eGHyAyilZb', 'J7IshRyrkV', 'rYisfNfXZ1', 'shasZoVXXE', 'muQsPIxlCY', 'ITSs8N6aPp', 'GVSsxQ65ty', 'Rh5sQEEslO', 'rs0sKGdC96'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, NHYrlRWa4QED1A3uRc.csHigh entropy of concatenated method names: 'Js7JXVRowI', 'AOGJjMNLLR', 'ut3JGUZRYC', 'PsdJ9XE0Ff', 'DOWJ4d82qW', 'fA8Jy4jKwL', 'vGAJ55eYGj', 'KkaNne70BD', 'QDcNU7g5g2', 'CslN6U3kbs'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, Bwb2kBvwJk4lRjQS4A.csHigh entropy of concatenated method names: 'bGxIScHxlv', 'ECwI7LiVMf', 'r45IYkXwLh', 'egOIFRD37j', 'qq9IfWsS7O', 'sVHIZtsH7P', 'u1CI8JjtwM', 'pRMIxOFKd8', 'h2aIKDiT95', 'AduIqpGLyG'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, GVClg8UldPcKLrtdsM.csHigh entropy of concatenated method names: 'IDAN9NMPdG', 'TK5N4OTviw', 'QaHNsaegBV', 'slCNywQPF0', 'euaN5WJ8Hm', 'Y1NN2TfG08', 'z2SNCjIJwe', 'sjgNeRMugh', 'GpoNVCoFJR', 'V6tN09sQdg'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, tFCbtNXMUNdn3TpUVV1.csHigh entropy of concatenated method names: 'hUFbDagLY6', 'wlibgOAR1J', 'hNObBJadkV', 'NfEbIuawv6bsg4btP3v', 'PltxUrak7oGd2YMgW2Z', 'zVGT3Faef400pqfS9y8'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, bfqGFh4XjUuREdrLfN.csHigh entropy of concatenated method names: 'Dispose', 'wQOX67vQ7R', 'ElZMF2UGPw', 'XtxXXKmtTO', 'TYVXWClg8l', 'QPcXzKLrtd', 'ProcessDialogKey', 'gMmM3ITGoU', 'S4ZMXDhZMZ', 'Nc2MMKHYrl'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, TITGoU614ZDhZMZKc2.csHigh entropy of concatenated method names: 'SkuNYgcKcd', 'bnXNFk62jv', 'WisNh78exJ', 'De7NfgS7iC', 'm5INds7GEu', 'qEpNZfN606', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, fCVoOaCipWKvGri6GG.csHigh entropy of concatenated method names: 'Ao3jrvHEx4', 'bhdj9J7PWw', 'nchj4Txfsx', 'oWNjsysXaL', 'L0ZjyVwNCj', 'qOBj51cxXn', 'xb2j2loijj', 'SWojC2FII6', 'dyEjeotMRx', 'exFjVPTZ3X'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, mu7XGoSJWJCOu9AiPw.csHigh entropy of concatenated method names: 'iWF4dMtUtj', 'eQZ4lIcFaP', 'Vhs417ZboQ', 'K9R4mo3LUY', 'ypR4cW4ZgC', 'f0c4EAYdco', 'iI54nHn9G3', 'EBW4Uwho8D', 'dKR46MHbgR', 'y1b4WvdeIN'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, FhqdRJYZ86nRBlcJwP.csHigh entropy of concatenated method names: 'dQQ5rVtpNC', 'xyO54qFPd3', 'tfs5yt92j8', 'rWo52bvTke', 'unI5Cnivbp', 'hyOycSEiCJ', 'px5yEm0Eo3', 'iAryncrArg', 'cQ2yUqEhLa', 'SDWy6VaeGC'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, npnWs27o7xJpTP31xy.csHigh entropy of concatenated method names: 'dvEsOlTcel', 'OdIsuohovJ', 'he5sSyrDoC', 'L6Ds7BMWEE', 'yHTsHdO3b8', 'u33sp00H1u', 'uHJsiH6Lfe', 'T7isNkoU9D', 'e2asJcHX41', 'agQsbTI9mo'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, wnh9CZQm2EteRVOnDj.csHigh entropy of concatenated method names: 'Fhu2Dcvhy7', 'V0Z2gYBpbb', 'AlD2BDZYNM', 'tN92OH3GZV', 'mnd2kUIAH6', 'Jy92uNIPND', 'LhV2ArJwFr', 'vVK2S0M5NL', 'fk02751kuH', 'udM2o5c22e'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, LerMGmMoMad9YBayEs.csHigh entropy of concatenated method names: 'vNgBZvsn2', 'XMFOG6qop', 'RIUu5ELuQ', 'JO8A6ZTQM', 'yk57kpNy5', 'V2jovtOcK', 'iMus9F2tpIryv9UonK', 'z0giEJZ0yuQjfdcerA', 'yX9NpwZwE', 'ObcbYuCnx'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, K2EBysX3tIMPkdTWCKD.csHigh entropy of concatenated method names: 'z8hJDK9Hrd', 'hkgJgwqTq9', 'ihLJBWw5Xr', 'nYWJOs7jrR', 'kWwJkYiC2D', 'lGFJuGbyi2', 'O5wJArkfQX', 'XNbJSLiwya', 'wwUJ7QVJZP', 'fAgJoVVE1I'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, dHpQGpsLESwpNDrI7m.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'FCoM6giE3v', 'ug5MWdY1aw', 'sgbMzNvyKk', 'BHxj3CxTcq', 'S5qjXVK09R', 'm8UjMslJF0', 'kgQjjOgLqK', 'dxFrpgO5hsflr6U122l'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, uLkiIyEIc7a5QJYcSE.csHigh entropy of concatenated method names: 'kmdiUPqr6I', 'DB3iW4yegc', 'HSuN35sNp8', 'HN7NXfP7iW', 'PeriqGZZ8y', 'M1liLCb8Yx', 'uKEivbD43E', 'nZbidAH5fK', 'cxhilLW4ML', 'MZGi1bqhBT'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, oglEhUm3uvyKpd2Kr4.csHigh entropy of concatenated method names: 'HG5iVRL1Z3', 'N1yi0ywkOe', 'ToString', 'NmDi9PC7R4', 'f24i4UsGWd', 'reCispgPBY', 'aJviyXE7bq', 'lxEi5VoU9p', 'Lbai29Nuje', 'xa6iCKQWSk'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, dELb50dvlK7JNtBH8e.csHigh entropy of concatenated method names: 'BieHK1i89d', 'yPLHLybFpM', 'T7wHdLK6Nh', 'Ne5Hlcq6oQ', 'qiDHFrSKyh', 'pMOHhmuQ8q', 'rhhHfmSrhx', 'B12HZYnTRS', 'z6wHPlYvhq', 'ghTH8Q1gOZ'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, SWBDQtGxgSHnKETHR0.csHigh entropy of concatenated method names: 'ePVX2u7XGo', 'rWJXCCOu9A', 'jo7XVxJpTP', 'a1xX0yOMpy', 'GESXH42ohq', 'QRJXpZ86nR', 'IOTrMNfwK72pEtZP9P', 'BqxGWUiPWDhMGRPpB4', 'oHwXXThwYy', 'DXDXj4QRs8'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, vwJSCeXjqyws8fjiNGU.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uWAbdQkxak', 'EefblocrC6', 'Fbnb1dbmW1', 'FmubmqMr1Z', 'ygdbcCeemg', 'QnrbES1Li0', 'Km0bnG9EKR'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, y5wtWv8XyG3cr3dEf3.csHigh entropy of concatenated method names: 'r6C29BIwPS', 'OvK2sNxr9U', 'Mge25QPHle', 'qm35WgD5fi', 'hai5zyYhLD', 'hbe23DkXIC', 'Ut12XJJyuG', 'JFW2MpY9qR', 'raT2jG4gmn', 'Iml2GDBcBE'
            Source: 0.2.PO STS_2184_06_2024.exe.3fc5cc8.8.raw.unpack, AMpyycoU8gJMYYES42.csHigh entropy of concatenated method names: 'k84ykt88Hu', 'eGHyAyilZb', 'J7IshRyrkV', 'rYisfNfXZ1', 'shasZoVXXE', 'muQsPIxlCY', 'ITSs8N6aPp', 'GVSsxQ65ty', 'Rh5sQEEslO', 'rs0sKGdC96'

            Hooking and other Techniques for Hiding and Protection

            barindex
            Loading BitLocker PowerShell Module
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: Process Memory Space: PO STS_2184_06_2024.exe PID: 3136, type: MEMORYSTR
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: 2A70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: 2C70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: 4C70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: 5310000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: 6310000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: 6440000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: 7440000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: A1C0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: B1C0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: B650000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: C650000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: D650000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: E650000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: F650000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: 6430000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: A1C0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: B650000 memory reserve | memory write watchJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E096E rdtsc 5_2_012E096E
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3008Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeAPI coverage: 0.7 %
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exe TID: 3212Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6664Thread sleep time: -1844674407370954s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1216Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E096E rdtsc 5_2_012E096E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_00417713 LdrLoadDll,5_2_00417713
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D0124 mov eax, dword ptr fs:[00000030h]5_2_012D0124
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01360115 mov eax, dword ptr fs:[00000030h]5_2_01360115
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134A118 mov ecx, dword ptr fs:[00000030h]5_2_0134A118
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134A118 mov eax, dword ptr fs:[00000030h]5_2_0134A118
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134A118 mov eax, dword ptr fs:[00000030h]5_2_0134A118
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134A118 mov eax, dword ptr fs:[00000030h]5_2_0134A118
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E10E mov eax, dword ptr fs:[00000030h]5_2_0134E10E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E10E mov ecx, dword ptr fs:[00000030h]5_2_0134E10E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E10E mov eax, dword ptr fs:[00000030h]5_2_0134E10E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E10E mov eax, dword ptr fs:[00000030h]5_2_0134E10E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E10E mov ecx, dword ptr fs:[00000030h]5_2_0134E10E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E10E mov eax, dword ptr fs:[00000030h]5_2_0134E10E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E10E mov eax, dword ptr fs:[00000030h]5_2_0134E10E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E10E mov ecx, dword ptr fs:[00000030h]5_2_0134E10E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E10E mov eax, dword ptr fs:[00000030h]5_2_0134E10E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E10E mov ecx, dword ptr fs:[00000030h]5_2_0134E10E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01338158 mov eax, dword ptr fs:[00000030h]5_2_01338158
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01334144 mov eax, dword ptr fs:[00000030h]5_2_01334144
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01334144 mov eax, dword ptr fs:[00000030h]5_2_01334144
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01334144 mov ecx, dword ptr fs:[00000030h]5_2_01334144
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01334144 mov eax, dword ptr fs:[00000030h]5_2_01334144
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01334144 mov eax, dword ptr fs:[00000030h]5_2_01334144
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A6154 mov eax, dword ptr fs:[00000030h]5_2_012A6154
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A6154 mov eax, dword ptr fs:[00000030h]5_2_012A6154
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129C156 mov eax, dword ptr fs:[00000030h]5_2_0129C156
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E0185 mov eax, dword ptr fs:[00000030h]5_2_012E0185
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132019F mov eax, dword ptr fs:[00000030h]5_2_0132019F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132019F mov eax, dword ptr fs:[00000030h]5_2_0132019F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132019F mov eax, dword ptr fs:[00000030h]5_2_0132019F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132019F mov eax, dword ptr fs:[00000030h]5_2_0132019F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01344180 mov eax, dword ptr fs:[00000030h]5_2_01344180
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01344180 mov eax, dword ptr fs:[00000030h]5_2_01344180
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0135C188 mov eax, dword ptr fs:[00000030h]5_2_0135C188
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0135C188 mov eax, dword ptr fs:[00000030h]5_2_0135C188
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129A197 mov eax, dword ptr fs:[00000030h]5_2_0129A197
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129A197 mov eax, dword ptr fs:[00000030h]5_2_0129A197
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129A197 mov eax, dword ptr fs:[00000030h]5_2_0129A197
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013761E5 mov eax, dword ptr fs:[00000030h]5_2_013761E5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D01F8 mov eax, dword ptr fs:[00000030h]5_2_012D01F8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131E1D0 mov eax, dword ptr fs:[00000030h]5_2_0131E1D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131E1D0 mov eax, dword ptr fs:[00000030h]5_2_0131E1D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131E1D0 mov ecx, dword ptr fs:[00000030h]5_2_0131E1D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131E1D0 mov eax, dword ptr fs:[00000030h]5_2_0131E1D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131E1D0 mov eax, dword ptr fs:[00000030h]5_2_0131E1D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013661C3 mov eax, dword ptr fs:[00000030h]5_2_013661C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013661C3 mov eax, dword ptr fs:[00000030h]5_2_013661C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01336030 mov eax, dword ptr fs:[00000030h]5_2_01336030
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129A020 mov eax, dword ptr fs:[00000030h]5_2_0129A020
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129C020 mov eax, dword ptr fs:[00000030h]5_2_0129C020
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01324000 mov ecx, dword ptr fs:[00000030h]5_2_01324000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01342000 mov eax, dword ptr fs:[00000030h]5_2_01342000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01342000 mov eax, dword ptr fs:[00000030h]5_2_01342000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01342000 mov eax, dword ptr fs:[00000030h]5_2_01342000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01342000 mov eax, dword ptr fs:[00000030h]5_2_01342000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01342000 mov eax, dword ptr fs:[00000030h]5_2_01342000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01342000 mov eax, dword ptr fs:[00000030h]5_2_01342000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01342000 mov eax, dword ptr fs:[00000030h]5_2_01342000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01342000 mov eax, dword ptr fs:[00000030h]5_2_01342000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BE016 mov eax, dword ptr fs:[00000030h]5_2_012BE016
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BE016 mov eax, dword ptr fs:[00000030h]5_2_012BE016
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BE016 mov eax, dword ptr fs:[00000030h]5_2_012BE016
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BE016 mov eax, dword ptr fs:[00000030h]5_2_012BE016
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CC073 mov eax, dword ptr fs:[00000030h]5_2_012CC073
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01326050 mov eax, dword ptr fs:[00000030h]5_2_01326050
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A2050 mov eax, dword ptr fs:[00000030h]5_2_012A2050
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013660B8 mov eax, dword ptr fs:[00000030h]5_2_013660B8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013660B8 mov ecx, dword ptr fs:[00000030h]5_2_013660B8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013380A8 mov eax, dword ptr fs:[00000030h]5_2_013380A8
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A208A mov eax, dword ptr fs:[00000030h]5_2_012A208A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A80E9 mov eax, dword ptr fs:[00000030h]5_2_012A80E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129A0E3 mov ecx, dword ptr fs:[00000030h]5_2_0129A0E3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013260E0 mov eax, dword ptr fs:[00000030h]5_2_013260E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129C0F0 mov eax, dword ptr fs:[00000030h]5_2_0129C0F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E20F0 mov ecx, dword ptr fs:[00000030h]5_2_012E20F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013220DE mov eax, dword ptr fs:[00000030h]5_2_013220DE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DA30B mov eax, dword ptr fs:[00000030h]5_2_012DA30B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DA30B mov eax, dword ptr fs:[00000030h]5_2_012DA30B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DA30B mov eax, dword ptr fs:[00000030h]5_2_012DA30B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129C310 mov ecx, dword ptr fs:[00000030h]5_2_0129C310
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C0310 mov ecx, dword ptr fs:[00000030h]5_2_012C0310
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134437C mov eax, dword ptr fs:[00000030h]5_2_0134437C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136A352 mov eax, dword ptr fs:[00000030h]5_2_0136A352
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01348350 mov ecx, dword ptr fs:[00000030h]5_2_01348350
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132035C mov eax, dword ptr fs:[00000030h]5_2_0132035C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132035C mov eax, dword ptr fs:[00000030h]5_2_0132035C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132035C mov eax, dword ptr fs:[00000030h]5_2_0132035C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132035C mov ecx, dword ptr fs:[00000030h]5_2_0132035C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132035C mov eax, dword ptr fs:[00000030h]5_2_0132035C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132035C mov eax, dword ptr fs:[00000030h]5_2_0132035C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01322349 mov eax, dword ptr fs:[00000030h]5_2_01322349
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129E388 mov eax, dword ptr fs:[00000030h]5_2_0129E388
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129E388 mov eax, dword ptr fs:[00000030h]5_2_0129E388
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129E388 mov eax, dword ptr fs:[00000030h]5_2_0129E388
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C438F mov eax, dword ptr fs:[00000030h]5_2_012C438F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C438F mov eax, dword ptr fs:[00000030h]5_2_012C438F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01298397 mov eax, dword ptr fs:[00000030h]5_2_01298397
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01298397 mov eax, dword ptr fs:[00000030h]5_2_01298397
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01298397 mov eax, dword ptr fs:[00000030h]5_2_01298397
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B03E9 mov eax, dword ptr fs:[00000030h]5_2_012B03E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B03E9 mov eax, dword ptr fs:[00000030h]5_2_012B03E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B03E9 mov eax, dword ptr fs:[00000030h]5_2_012B03E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B03E9 mov eax, dword ptr fs:[00000030h]5_2_012B03E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B03E9 mov eax, dword ptr fs:[00000030h]5_2_012B03E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B03E9 mov eax, dword ptr fs:[00000030h]5_2_012B03E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B03E9 mov eax, dword ptr fs:[00000030h]5_2_012B03E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B03E9 mov eax, dword ptr fs:[00000030h]5_2_012B03E9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D63FF mov eax, dword ptr fs:[00000030h]5_2_012D63FF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BE3F0 mov eax, dword ptr fs:[00000030h]5_2_012BE3F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BE3F0 mov eax, dword ptr fs:[00000030h]5_2_012BE3F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BE3F0 mov eax, dword ptr fs:[00000030h]5_2_012BE3F0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013443D4 mov eax, dword ptr fs:[00000030h]5_2_013443D4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013443D4 mov eax, dword ptr fs:[00000030h]5_2_013443D4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA3C0 mov eax, dword ptr fs:[00000030h]5_2_012AA3C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA3C0 mov eax, dword ptr fs:[00000030h]5_2_012AA3C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA3C0 mov eax, dword ptr fs:[00000030h]5_2_012AA3C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA3C0 mov eax, dword ptr fs:[00000030h]5_2_012AA3C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA3C0 mov eax, dword ptr fs:[00000030h]5_2_012AA3C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA3C0 mov eax, dword ptr fs:[00000030h]5_2_012AA3C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A83C0 mov eax, dword ptr fs:[00000030h]5_2_012A83C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A83C0 mov eax, dword ptr fs:[00000030h]5_2_012A83C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A83C0 mov eax, dword ptr fs:[00000030h]5_2_012A83C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A83C0 mov eax, dword ptr fs:[00000030h]5_2_012A83C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E3DB mov eax, dword ptr fs:[00000030h]5_2_0134E3DB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E3DB mov eax, dword ptr fs:[00000030h]5_2_0134E3DB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E3DB mov ecx, dword ptr fs:[00000030h]5_2_0134E3DB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134E3DB mov eax, dword ptr fs:[00000030h]5_2_0134E3DB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013263C0 mov eax, dword ptr fs:[00000030h]5_2_013263C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0135C3CD mov eax, dword ptr fs:[00000030h]5_2_0135C3CD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129823B mov eax, dword ptr fs:[00000030h]5_2_0129823B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350274 mov eax, dword ptr fs:[00000030h]5_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350274 mov eax, dword ptr fs:[00000030h]5_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350274 mov eax, dword ptr fs:[00000030h]5_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350274 mov eax, dword ptr fs:[00000030h]5_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350274 mov eax, dword ptr fs:[00000030h]5_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350274 mov eax, dword ptr fs:[00000030h]5_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350274 mov eax, dword ptr fs:[00000030h]5_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350274 mov eax, dword ptr fs:[00000030h]5_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350274 mov eax, dword ptr fs:[00000030h]5_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350274 mov eax, dword ptr fs:[00000030h]5_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350274 mov eax, dword ptr fs:[00000030h]5_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01350274 mov eax, dword ptr fs:[00000030h]5_2_01350274
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129826B mov eax, dword ptr fs:[00000030h]5_2_0129826B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A4260 mov eax, dword ptr fs:[00000030h]5_2_012A4260
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A4260 mov eax, dword ptr fs:[00000030h]5_2_012A4260
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A4260 mov eax, dword ptr fs:[00000030h]5_2_012A4260
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0135A250 mov eax, dword ptr fs:[00000030h]5_2_0135A250
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0135A250 mov eax, dword ptr fs:[00000030h]5_2_0135A250
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01328243 mov eax, dword ptr fs:[00000030h]5_2_01328243
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01328243 mov ecx, dword ptr fs:[00000030h]5_2_01328243
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A6259 mov eax, dword ptr fs:[00000030h]5_2_012A6259
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129A250 mov eax, dword ptr fs:[00000030h]5_2_0129A250
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013362A0 mov eax, dword ptr fs:[00000030h]5_2_013362A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013362A0 mov ecx, dword ptr fs:[00000030h]5_2_013362A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013362A0 mov eax, dword ptr fs:[00000030h]5_2_013362A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013362A0 mov eax, dword ptr fs:[00000030h]5_2_013362A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013362A0 mov eax, dword ptr fs:[00000030h]5_2_013362A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013362A0 mov eax, dword ptr fs:[00000030h]5_2_013362A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE284 mov eax, dword ptr fs:[00000030h]5_2_012DE284
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE284 mov eax, dword ptr fs:[00000030h]5_2_012DE284
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01320283 mov eax, dword ptr fs:[00000030h]5_2_01320283
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01320283 mov eax, dword ptr fs:[00000030h]5_2_01320283
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01320283 mov eax, dword ptr fs:[00000030h]5_2_01320283
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B02E1 mov eax, dword ptr fs:[00000030h]5_2_012B02E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B02E1 mov eax, dword ptr fs:[00000030h]5_2_012B02E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B02E1 mov eax, dword ptr fs:[00000030h]5_2_012B02E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA2C3 mov eax, dword ptr fs:[00000030h]5_2_012AA2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA2C3 mov eax, dword ptr fs:[00000030h]5_2_012AA2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA2C3 mov eax, dword ptr fs:[00000030h]5_2_012AA2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA2C3 mov eax, dword ptr fs:[00000030h]5_2_012AA2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA2C3 mov eax, dword ptr fs:[00000030h]5_2_012AA2C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE53E mov eax, dword ptr fs:[00000030h]5_2_012CE53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE53E mov eax, dword ptr fs:[00000030h]5_2_012CE53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE53E mov eax, dword ptr fs:[00000030h]5_2_012CE53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE53E mov eax, dword ptr fs:[00000030h]5_2_012CE53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE53E mov eax, dword ptr fs:[00000030h]5_2_012CE53E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0535 mov eax, dword ptr fs:[00000030h]5_2_012B0535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0535 mov eax, dword ptr fs:[00000030h]5_2_012B0535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0535 mov eax, dword ptr fs:[00000030h]5_2_012B0535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0535 mov eax, dword ptr fs:[00000030h]5_2_012B0535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0535 mov eax, dword ptr fs:[00000030h]5_2_012B0535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0535 mov eax, dword ptr fs:[00000030h]5_2_012B0535
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01336500 mov eax, dword ptr fs:[00000030h]5_2_01336500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01374500 mov eax, dword ptr fs:[00000030h]5_2_01374500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01374500 mov eax, dword ptr fs:[00000030h]5_2_01374500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01374500 mov eax, dword ptr fs:[00000030h]5_2_01374500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01374500 mov eax, dword ptr fs:[00000030h]5_2_01374500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01374500 mov eax, dword ptr fs:[00000030h]5_2_01374500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01374500 mov eax, dword ptr fs:[00000030h]5_2_01374500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01374500 mov eax, dword ptr fs:[00000030h]5_2_01374500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D656A mov eax, dword ptr fs:[00000030h]5_2_012D656A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D656A mov eax, dword ptr fs:[00000030h]5_2_012D656A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D656A mov eax, dword ptr fs:[00000030h]5_2_012D656A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A8550 mov eax, dword ptr fs:[00000030h]5_2_012A8550
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A8550 mov eax, dword ptr fs:[00000030h]5_2_012A8550
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013205A7 mov eax, dword ptr fs:[00000030h]5_2_013205A7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013205A7 mov eax, dword ptr fs:[00000030h]5_2_013205A7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013205A7 mov eax, dword ptr fs:[00000030h]5_2_013205A7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C45B1 mov eax, dword ptr fs:[00000030h]5_2_012C45B1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C45B1 mov eax, dword ptr fs:[00000030h]5_2_012C45B1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D4588 mov eax, dword ptr fs:[00000030h]5_2_012D4588
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A2582 mov eax, dword ptr fs:[00000030h]5_2_012A2582
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A2582 mov ecx, dword ptr fs:[00000030h]5_2_012A2582
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE59C mov eax, dword ptr fs:[00000030h]5_2_012DE59C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DC5ED mov eax, dword ptr fs:[00000030h]5_2_012DC5ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DC5ED mov eax, dword ptr fs:[00000030h]5_2_012DC5ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A25E0 mov eax, dword ptr fs:[00000030h]5_2_012A25E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE5E7 mov eax, dword ptr fs:[00000030h]5_2_012CE5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE5E7 mov eax, dword ptr fs:[00000030h]5_2_012CE5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE5E7 mov eax, dword ptr fs:[00000030h]5_2_012CE5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE5E7 mov eax, dword ptr fs:[00000030h]5_2_012CE5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE5E7 mov eax, dword ptr fs:[00000030h]5_2_012CE5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE5E7 mov eax, dword ptr fs:[00000030h]5_2_012CE5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE5E7 mov eax, dword ptr fs:[00000030h]5_2_012CE5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE5E7 mov eax, dword ptr fs:[00000030h]5_2_012CE5E7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE5CF mov eax, dword ptr fs:[00000030h]5_2_012DE5CF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE5CF mov eax, dword ptr fs:[00000030h]5_2_012DE5CF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A65D0 mov eax, dword ptr fs:[00000030h]5_2_012A65D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DA5D0 mov eax, dword ptr fs:[00000030h]5_2_012DA5D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DA5D0 mov eax, dword ptr fs:[00000030h]5_2_012DA5D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129E420 mov eax, dword ptr fs:[00000030h]5_2_0129E420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129E420 mov eax, dword ptr fs:[00000030h]5_2_0129E420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129E420 mov eax, dword ptr fs:[00000030h]5_2_0129E420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129C427 mov eax, dword ptr fs:[00000030h]5_2_0129C427
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01326420 mov eax, dword ptr fs:[00000030h]5_2_01326420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01326420 mov eax, dword ptr fs:[00000030h]5_2_01326420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01326420 mov eax, dword ptr fs:[00000030h]5_2_01326420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01326420 mov eax, dword ptr fs:[00000030h]5_2_01326420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01326420 mov eax, dword ptr fs:[00000030h]5_2_01326420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01326420 mov eax, dword ptr fs:[00000030h]5_2_01326420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01326420 mov eax, dword ptr fs:[00000030h]5_2_01326420
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DA430 mov eax, dword ptr fs:[00000030h]5_2_012DA430
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D8402 mov eax, dword ptr fs:[00000030h]5_2_012D8402
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D8402 mov eax, dword ptr fs:[00000030h]5_2_012D8402
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D8402 mov eax, dword ptr fs:[00000030h]5_2_012D8402
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132C460 mov ecx, dword ptr fs:[00000030h]5_2_0132C460
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CA470 mov eax, dword ptr fs:[00000030h]5_2_012CA470
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CA470 mov eax, dword ptr fs:[00000030h]5_2_012CA470
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CA470 mov eax, dword ptr fs:[00000030h]5_2_012CA470
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0135A456 mov eax, dword ptr fs:[00000030h]5_2_0135A456
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE443 mov eax, dword ptr fs:[00000030h]5_2_012DE443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE443 mov eax, dword ptr fs:[00000030h]5_2_012DE443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE443 mov eax, dword ptr fs:[00000030h]5_2_012DE443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE443 mov eax, dword ptr fs:[00000030h]5_2_012DE443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE443 mov eax, dword ptr fs:[00000030h]5_2_012DE443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE443 mov eax, dword ptr fs:[00000030h]5_2_012DE443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE443 mov eax, dword ptr fs:[00000030h]5_2_012DE443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DE443 mov eax, dword ptr fs:[00000030h]5_2_012DE443
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129645D mov eax, dword ptr fs:[00000030h]5_2_0129645D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C245A mov eax, dword ptr fs:[00000030h]5_2_012C245A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A64AB mov eax, dword ptr fs:[00000030h]5_2_012A64AB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132A4B0 mov eax, dword ptr fs:[00000030h]5_2_0132A4B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D44B0 mov ecx, dword ptr fs:[00000030h]5_2_012D44B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0135A49A mov eax, dword ptr fs:[00000030h]5_2_0135A49A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A04E5 mov ecx, dword ptr fs:[00000030h]5_2_012A04E5
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131C730 mov eax, dword ptr fs:[00000030h]5_2_0131C730
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DC720 mov eax, dword ptr fs:[00000030h]5_2_012DC720
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DC720 mov eax, dword ptr fs:[00000030h]5_2_012DC720
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D273C mov eax, dword ptr fs:[00000030h]5_2_012D273C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D273C mov ecx, dword ptr fs:[00000030h]5_2_012D273C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D273C mov eax, dword ptr fs:[00000030h]5_2_012D273C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DC700 mov eax, dword ptr fs:[00000030h]5_2_012DC700
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A0710 mov eax, dword ptr fs:[00000030h]5_2_012A0710
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D0710 mov eax, dword ptr fs:[00000030h]5_2_012D0710
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A8770 mov eax, dword ptr fs:[00000030h]5_2_012A8770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0770 mov eax, dword ptr fs:[00000030h]5_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0770 mov eax, dword ptr fs:[00000030h]5_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0770 mov eax, dword ptr fs:[00000030h]5_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0770 mov eax, dword ptr fs:[00000030h]5_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0770 mov eax, dword ptr fs:[00000030h]5_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0770 mov eax, dword ptr fs:[00000030h]5_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0770 mov eax, dword ptr fs:[00000030h]5_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0770 mov eax, dword ptr fs:[00000030h]5_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0770 mov eax, dword ptr fs:[00000030h]5_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0770 mov eax, dword ptr fs:[00000030h]5_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0770 mov eax, dword ptr fs:[00000030h]5_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0770 mov eax, dword ptr fs:[00000030h]5_2_012B0770
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D674D mov esi, dword ptr fs:[00000030h]5_2_012D674D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D674D mov eax, dword ptr fs:[00000030h]5_2_012D674D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D674D mov eax, dword ptr fs:[00000030h]5_2_012D674D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01324755 mov eax, dword ptr fs:[00000030h]5_2_01324755
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132E75D mov eax, dword ptr fs:[00000030h]5_2_0132E75D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A0750 mov eax, dword ptr fs:[00000030h]5_2_012A0750
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2750 mov eax, dword ptr fs:[00000030h]5_2_012E2750
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2750 mov eax, dword ptr fs:[00000030h]5_2_012E2750
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A07AF mov eax, dword ptr fs:[00000030h]5_2_012A07AF
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013547A0 mov eax, dword ptr fs:[00000030h]5_2_013547A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134678E mov eax, dword ptr fs:[00000030h]5_2_0134678E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C27ED mov eax, dword ptr fs:[00000030h]5_2_012C27ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C27ED mov eax, dword ptr fs:[00000030h]5_2_012C27ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C27ED mov eax, dword ptr fs:[00000030h]5_2_012C27ED
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A47FB mov eax, dword ptr fs:[00000030h]5_2_012A47FB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A47FB mov eax, dword ptr fs:[00000030h]5_2_012A47FB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132E7E1 mov eax, dword ptr fs:[00000030h]5_2_0132E7E1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AC7C0 mov eax, dword ptr fs:[00000030h]5_2_012AC7C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013207C3 mov eax, dword ptr fs:[00000030h]5_2_013207C3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A262C mov eax, dword ptr fs:[00000030h]5_2_012A262C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BE627 mov eax, dword ptr fs:[00000030h]5_2_012BE627
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D6620 mov eax, dword ptr fs:[00000030h]5_2_012D6620
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D8620 mov eax, dword ptr fs:[00000030h]5_2_012D8620
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B260B mov eax, dword ptr fs:[00000030h]5_2_012B260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B260B mov eax, dword ptr fs:[00000030h]5_2_012B260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B260B mov eax, dword ptr fs:[00000030h]5_2_012B260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B260B mov eax, dword ptr fs:[00000030h]5_2_012B260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B260B mov eax, dword ptr fs:[00000030h]5_2_012B260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B260B mov eax, dword ptr fs:[00000030h]5_2_012B260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B260B mov eax, dword ptr fs:[00000030h]5_2_012B260B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E2619 mov eax, dword ptr fs:[00000030h]5_2_012E2619
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131E609 mov eax, dword ptr fs:[00000030h]5_2_0131E609
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DA660 mov eax, dword ptr fs:[00000030h]5_2_012DA660
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DA660 mov eax, dword ptr fs:[00000030h]5_2_012DA660
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136866E mov eax, dword ptr fs:[00000030h]5_2_0136866E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136866E mov eax, dword ptr fs:[00000030h]5_2_0136866E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D2674 mov eax, dword ptr fs:[00000030h]5_2_012D2674
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BC640 mov eax, dword ptr fs:[00000030h]5_2_012BC640
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DC6A6 mov eax, dword ptr fs:[00000030h]5_2_012DC6A6
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D66B0 mov eax, dword ptr fs:[00000030h]5_2_012D66B0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A4690 mov eax, dword ptr fs:[00000030h]5_2_012A4690
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A4690 mov eax, dword ptr fs:[00000030h]5_2_012A4690
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131E6F2 mov eax, dword ptr fs:[00000030h]5_2_0131E6F2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131E6F2 mov eax, dword ptr fs:[00000030h]5_2_0131E6F2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131E6F2 mov eax, dword ptr fs:[00000030h]5_2_0131E6F2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131E6F2 mov eax, dword ptr fs:[00000030h]5_2_0131E6F2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013206F1 mov eax, dword ptr fs:[00000030h]5_2_013206F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013206F1 mov eax, dword ptr fs:[00000030h]5_2_013206F1
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DA6C7 mov ebx, dword ptr fs:[00000030h]5_2_012DA6C7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DA6C7 mov eax, dword ptr fs:[00000030h]5_2_012DA6C7
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132892A mov eax, dword ptr fs:[00000030h]5_2_0132892A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0133892B mov eax, dword ptr fs:[00000030h]5_2_0133892B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132C912 mov eax, dword ptr fs:[00000030h]5_2_0132C912
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01298918 mov eax, dword ptr fs:[00000030h]5_2_01298918
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01298918 mov eax, dword ptr fs:[00000030h]5_2_01298918
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131E908 mov eax, dword ptr fs:[00000030h]5_2_0131E908
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131E908 mov eax, dword ptr fs:[00000030h]5_2_0131E908
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E096E mov eax, dword ptr fs:[00000030h]5_2_012E096E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E096E mov edx, dword ptr fs:[00000030h]5_2_012E096E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012E096E mov eax, dword ptr fs:[00000030h]5_2_012E096E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01344978 mov eax, dword ptr fs:[00000030h]5_2_01344978
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01344978 mov eax, dword ptr fs:[00000030h]5_2_01344978
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C6962 mov eax, dword ptr fs:[00000030h]5_2_012C6962
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C6962 mov eax, dword ptr fs:[00000030h]5_2_012C6962
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C6962 mov eax, dword ptr fs:[00000030h]5_2_012C6962
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132C97C mov eax, dword ptr fs:[00000030h]5_2_0132C97C
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01320946 mov eax, dword ptr fs:[00000030h]5_2_01320946
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013289B3 mov esi, dword ptr fs:[00000030h]5_2_013289B3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013289B3 mov eax, dword ptr fs:[00000030h]5_2_013289B3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013289B3 mov eax, dword ptr fs:[00000030h]5_2_013289B3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A09AD mov eax, dword ptr fs:[00000030h]5_2_012A09AD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A09AD mov eax, dword ptr fs:[00000030h]5_2_012A09AD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B29A0 mov eax, dword ptr fs:[00000030h]5_2_012B29A0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132E9E0 mov eax, dword ptr fs:[00000030h]5_2_0132E9E0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D29F9 mov eax, dword ptr fs:[00000030h]5_2_012D29F9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D29F9 mov eax, dword ptr fs:[00000030h]5_2_012D29F9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136A9D3 mov eax, dword ptr fs:[00000030h]5_2_0136A9D3
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_013369C0 mov eax, dword ptr fs:[00000030h]5_2_013369C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA9D0 mov eax, dword ptr fs:[00000030h]5_2_012AA9D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA9D0 mov eax, dword ptr fs:[00000030h]5_2_012AA9D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA9D0 mov eax, dword ptr fs:[00000030h]5_2_012AA9D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA9D0 mov eax, dword ptr fs:[00000030h]5_2_012AA9D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA9D0 mov eax, dword ptr fs:[00000030h]5_2_012AA9D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AA9D0 mov eax, dword ptr fs:[00000030h]5_2_012AA9D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D49D0 mov eax, dword ptr fs:[00000030h]5_2_012D49D0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134483A mov eax, dword ptr fs:[00000030h]5_2_0134483A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134483A mov eax, dword ptr fs:[00000030h]5_2_0134483A
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C2835 mov eax, dword ptr fs:[00000030h]5_2_012C2835
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C2835 mov eax, dword ptr fs:[00000030h]5_2_012C2835
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C2835 mov eax, dword ptr fs:[00000030h]5_2_012C2835
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C2835 mov ecx, dword ptr fs:[00000030h]5_2_012C2835
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C2835 mov eax, dword ptr fs:[00000030h]5_2_012C2835
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C2835 mov eax, dword ptr fs:[00000030h]5_2_012C2835
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DA830 mov eax, dword ptr fs:[00000030h]5_2_012DA830
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132C810 mov eax, dword ptr fs:[00000030h]5_2_0132C810
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132E872 mov eax, dword ptr fs:[00000030h]5_2_0132E872
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132E872 mov eax, dword ptr fs:[00000030h]5_2_0132E872
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01336870 mov eax, dword ptr fs:[00000030h]5_2_01336870
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01336870 mov eax, dword ptr fs:[00000030h]5_2_01336870
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B2840 mov ecx, dword ptr fs:[00000030h]5_2_012B2840
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A4859 mov eax, dword ptr fs:[00000030h]5_2_012A4859
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A4859 mov eax, dword ptr fs:[00000030h]5_2_012A4859
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D0854 mov eax, dword ptr fs:[00000030h]5_2_012D0854
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A0887 mov eax, dword ptr fs:[00000030h]5_2_012A0887
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132C89D mov eax, dword ptr fs:[00000030h]5_2_0132C89D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136A8E4 mov eax, dword ptr fs:[00000030h]5_2_0136A8E4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DC8F9 mov eax, dword ptr fs:[00000030h]5_2_012DC8F9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DC8F9 mov eax, dword ptr fs:[00000030h]5_2_012DC8F9
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CE8C0 mov eax, dword ptr fs:[00000030h]5_2_012CE8C0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CEB20 mov eax, dword ptr fs:[00000030h]5_2_012CEB20
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CEB20 mov eax, dword ptr fs:[00000030h]5_2_012CEB20
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01368B28 mov eax, dword ptr fs:[00000030h]5_2_01368B28
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01368B28 mov eax, dword ptr fs:[00000030h]5_2_01368B28
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131EB1D mov eax, dword ptr fs:[00000030h]5_2_0131EB1D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131EB1D mov eax, dword ptr fs:[00000030h]5_2_0131EB1D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131EB1D mov eax, dword ptr fs:[00000030h]5_2_0131EB1D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131EB1D mov eax, dword ptr fs:[00000030h]5_2_0131EB1D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131EB1D mov eax, dword ptr fs:[00000030h]5_2_0131EB1D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131EB1D mov eax, dword ptr fs:[00000030h]5_2_0131EB1D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131EB1D mov eax, dword ptr fs:[00000030h]5_2_0131EB1D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131EB1D mov eax, dword ptr fs:[00000030h]5_2_0131EB1D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131EB1D mov eax, dword ptr fs:[00000030h]5_2_0131EB1D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0129CB7E mov eax, dword ptr fs:[00000030h]5_2_0129CB7E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134EB50 mov eax, dword ptr fs:[00000030h]5_2_0134EB50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01336B40 mov eax, dword ptr fs:[00000030h]5_2_01336B40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01336B40 mov eax, dword ptr fs:[00000030h]5_2_01336B40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0136AB40 mov eax, dword ptr fs:[00000030h]5_2_0136AB40
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01348B42 mov eax, dword ptr fs:[00000030h]5_2_01348B42
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01354B4B mov eax, dword ptr fs:[00000030h]5_2_01354B4B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01354B4B mov eax, dword ptr fs:[00000030h]5_2_01354B4B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01354BB0 mov eax, dword ptr fs:[00000030h]5_2_01354BB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01354BB0 mov eax, dword ptr fs:[00000030h]5_2_01354BB0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0BBE mov eax, dword ptr fs:[00000030h]5_2_012B0BBE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0BBE mov eax, dword ptr fs:[00000030h]5_2_012B0BBE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132CBF0 mov eax, dword ptr fs:[00000030h]5_2_0132CBF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CEBFC mov eax, dword ptr fs:[00000030h]5_2_012CEBFC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A8BF0 mov eax, dword ptr fs:[00000030h]5_2_012A8BF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A8BF0 mov eax, dword ptr fs:[00000030h]5_2_012A8BF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A8BF0 mov eax, dword ptr fs:[00000030h]5_2_012A8BF0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134EBD0 mov eax, dword ptr fs:[00000030h]5_2_0134EBD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C0BCB mov eax, dword ptr fs:[00000030h]5_2_012C0BCB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C0BCB mov eax, dword ptr fs:[00000030h]5_2_012C0BCB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C0BCB mov eax, dword ptr fs:[00000030h]5_2_012C0BCB
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A0BCD mov eax, dword ptr fs:[00000030h]5_2_012A0BCD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A0BCD mov eax, dword ptr fs:[00000030h]5_2_012A0BCD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A0BCD mov eax, dword ptr fs:[00000030h]5_2_012A0BCD
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012CEA2E mov eax, dword ptr fs:[00000030h]5_2_012CEA2E
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DCA24 mov eax, dword ptr fs:[00000030h]5_2_012DCA24
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DCA38 mov eax, dword ptr fs:[00000030h]5_2_012DCA38
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C4A35 mov eax, dword ptr fs:[00000030h]5_2_012C4A35
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012C4A35 mov eax, dword ptr fs:[00000030h]5_2_012C4A35
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0132CA11 mov eax, dword ptr fs:[00000030h]5_2_0132CA11
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DCA6F mov eax, dword ptr fs:[00000030h]5_2_012DCA6F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DCA6F mov eax, dword ptr fs:[00000030h]5_2_012DCA6F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DCA6F mov eax, dword ptr fs:[00000030h]5_2_012DCA6F
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131CA72 mov eax, dword ptr fs:[00000030h]5_2_0131CA72
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0131CA72 mov eax, dword ptr fs:[00000030h]5_2_0131CA72
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_0134EA60 mov eax, dword ptr fs:[00000030h]5_2_0134EA60
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0A5B mov eax, dword ptr fs:[00000030h]5_2_012B0A5B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012B0A5B mov eax, dword ptr fs:[00000030h]5_2_012B0A5B
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A6A50 mov eax, dword ptr fs:[00000030h]5_2_012A6A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A6A50 mov eax, dword ptr fs:[00000030h]5_2_012A6A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A6A50 mov eax, dword ptr fs:[00000030h]5_2_012A6A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A6A50 mov eax, dword ptr fs:[00000030h]5_2_012A6A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A6A50 mov eax, dword ptr fs:[00000030h]5_2_012A6A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A6A50 mov eax, dword ptr fs:[00000030h]5_2_012A6A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A6A50 mov eax, dword ptr fs:[00000030h]5_2_012A6A50
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A8AA0 mov eax, dword ptr fs:[00000030h]5_2_012A8AA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A8AA0 mov eax, dword ptr fs:[00000030h]5_2_012A8AA0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012F6AA4 mov eax, dword ptr fs:[00000030h]5_2_012F6AA4
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AEA80 mov eax, dword ptr fs:[00000030h]5_2_012AEA80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AEA80 mov eax, dword ptr fs:[00000030h]5_2_012AEA80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AEA80 mov eax, dword ptr fs:[00000030h]5_2_012AEA80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AEA80 mov eax, dword ptr fs:[00000030h]5_2_012AEA80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AEA80 mov eax, dword ptr fs:[00000030h]5_2_012AEA80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AEA80 mov eax, dword ptr fs:[00000030h]5_2_012AEA80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AEA80 mov eax, dword ptr fs:[00000030h]5_2_012AEA80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AEA80 mov eax, dword ptr fs:[00000030h]5_2_012AEA80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012AEA80 mov eax, dword ptr fs:[00000030h]5_2_012AEA80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01374A80 mov eax, dword ptr fs:[00000030h]5_2_01374A80
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D8A90 mov edx, dword ptr fs:[00000030h]5_2_012D8A90
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DAAEE mov eax, dword ptr fs:[00000030h]5_2_012DAAEE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012DAAEE mov eax, dword ptr fs:[00000030h]5_2_012DAAEE
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012F6ACC mov eax, dword ptr fs:[00000030h]5_2_012F6ACC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012F6ACC mov eax, dword ptr fs:[00000030h]5_2_012F6ACC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012F6ACC mov eax, dword ptr fs:[00000030h]5_2_012F6ACC
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012A0AD0 mov eax, dword ptr fs:[00000030h]5_2_012A0AD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D4AD0 mov eax, dword ptr fs:[00000030h]5_2_012D4AD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D4AD0 mov eax, dword ptr fs:[00000030h]5_2_012D4AD0
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01328D20 mov eax, dword ptr fs:[00000030h]5_2_01328D20
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01358D10 mov eax, dword ptr fs:[00000030h]5_2_01358D10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01358D10 mov eax, dword ptr fs:[00000030h]5_2_01358D10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BAD00 mov eax, dword ptr fs:[00000030h]5_2_012BAD00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BAD00 mov eax, dword ptr fs:[00000030h]5_2_012BAD00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012BAD00 mov eax, dword ptr fs:[00000030h]5_2_012BAD00
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_012D4D1D mov eax, dword ptr fs:[00000030h]5_2_012D4D1D
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01296D10 mov eax, dword ptr fs:[00000030h]5_2_01296D10
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 5_2_01296D10 mov eax, dword ptr fs:[00000030h]5_2_01296D10
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Adds a directory exclusion to Windows Defender
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe"
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe"Jump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe"Jump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"Jump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeQueries volume information: C:\Users\user\Desktop\PO STS_2184_06_2024.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\PO STS_2184_06_2024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2630538405.0000000000D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 5.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2630538405.0000000000D40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading            		11
            Process Injection            		1
            Masquerading            		OS Credential Dumping2
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
            DLL Side-Loading            		11
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
            Virtualization/Sandbox Evasion            		Security Account Manager41
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
            Process Injection            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA Secrets1
            File and Directory Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts4
            Obfuscated Files or Information            		Cached Domain Credentials12
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items32
            Software Packing            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            Timestomp            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
            DLL Side-Loading            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 1467073 Sample: PO STS_2184_06_2024.exe Startdate: 03/07/2024 Architecture: WINDOWS Score: 100 20 Malicious sample detected (through community Yara rule) 2->20 22 Multi AV Scanner detection for submitted file 2->22 24 Detected unpacking (changes PE section rights) 2->24 26 9 other signatures 2->26 7 PO STS_2184_06_2024.exe 4 2->7         started        process3 file4 18 C:\Users\user\...\PO STS_2184_06_2024.exe.log, ASCII 7->18 dropped 28 Adds a directory exclusion to Windows Defender 7->28 11 powershell.exe 23 7->11         started        14 RegSvcs.exe 7->14         started        signatures5 process6 signatures7 30 Loading BitLocker PowerShell Module 11->30 16 conhost.exe 11->16         started        process8

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            PO STS_2184_06_2024.exe32%ReversingLabsByteCode-MSIL.Trojan.Nekark
            PO STS_2184_06_2024.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
            https://www.chiark.greenend.org.uk/~sgtatham/putty/00%URL Reputationsafe

            Domains and IPs

            Contacted Domains

            No contacted domains info

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePO STS_2184_06_2024.exe, 00000000.00000002.2186793071.0000000002C71000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://www.chiark.greenend.org.uk/~sgtatham/putty/0PO STS_2184_06_2024.exefalse
            • URL Reputation: safe
            		unknown

            World Map of Contacted IPs

            No contacted IP infos

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1467073
            Start date and time:2024-07-03 17:46:03 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 7m 15s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:13
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:PO STS_2184_06_2024.exe
            Detection:MAL
            Classification:mal100.troj.evad.winEXE@6/6@0/0
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 95%
            • Number of executed functions: 139
            • Number of non-executed functions: 301
            Cookbook Comments:
            • Found application associated with file extension: .exe

            Warnings

            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes where analyzed, report is missing behavior information
            • Report size getting too big, too many NtCreateKey calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • VT rate limit hit for: PO STS_2184_06_2024.exe

            Simulations

            Behavior and APIs

            TimeTypeDescription
            11:46:56API Interceptor1x Sleep call for process: PO STS_2184_06_2024.exe modified
            11:47:01API Interceptor13x Sleep call for process: powershell.exe modified
            11:47:42API Interceptor3x Sleep call for process: RegSvcs.exe modified

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASNs

            No context

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO STS_2184_06_2024.exe.log

            Download File
            Process:C:\Users\user\Desktop\PO STS_2184_06_2024.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1216
            Entropy (8bit):5.34331486778365
            Encrypted:false
            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
            MD5:1330C80CAAC9A0FB172F202485E9B1E8
            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
            Malicious:true
            Reputation:high, very likely benign file
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

            Download File
            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File Type:data
            Category:dropped
            Size (bytes):1172
            Entropy (8bit):5.354777075714867
            Encrypted:false
            SSDEEP:24:3gWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:QWSU4y4RQmFoUeWmfmZ9tK8NDE
            MD5:92C17FC0DE8449D1E50ED56DBEBAA35D
            SHA1:A617D392757DC7B1BEF28448B72CBD131CF4D0FB
            SHA-256:DA2D2B57AFF1C99E62DD8102CF4DB3F2F0621D687D275BFAF3DB77772131E485
            SHA-512:603922B790E772A480C9BF4CFD621827085B0070131EF29DC283F0E901CF783034384F8815C092D79A6EA5DF382EF78AF5AC3D81EBD118D2D5C1E623CE5553D1
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview:@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2v5dz3v2.ajr.ps1

            Download File
            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):60
            Entropy (8bit):4.038920595031593
            Encrypted:false
            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
            MD5:D17FE0A3F47BE24A6453E9EF58C94641
            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
            Malicious:false
            Reputation:high, very likely benign file
            Preview:# PowerShell test file to determine AppLocker lockdown mode

            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4rgiecup.p4s.ps1

            Download File
            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):60
            Entropy (8bit):4.038920595031593
            Encrypted:false
            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
            MD5:D17FE0A3F47BE24A6453E9EF58C94641
            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
            Malicious:false
            Reputation:high, very likely benign file
            Preview:# PowerShell test file to determine AppLocker lockdown mode

            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jeh12ql5.ely.psm1

            Download File
            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):60
            Entropy (8bit):4.038920595031593
            Encrypted:false
            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
            MD5:D17FE0A3F47BE24A6453E9EF58C94641
            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
            Malicious:false
            Preview:# PowerShell test file to determine AppLocker lockdown mode

            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p4eyps3o.gk1.psm1

            Download File
            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):60
            Entropy (8bit):4.038920595031593
            Encrypted:false
            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
            MD5:D17FE0A3F47BE24A6453E9EF58C94641
            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
            Malicious:false
            Preview:# PowerShell test file to determine AppLocker lockdown mode

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.910276125677802
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
            • Win32 Executable (generic) a (10002005/4) 49.93%
            • Windows Screen Saver (13104/52) 0.07%
            • Generic Win/DOS Executable (2004/3) 0.01%
            • DOS Executable Generic (2002/1) 0.01%
            File name:PO STS_2184_06_2024.exe
            File size:1'101'320 bytes
            MD5:f9a3edaa59e9e93035aea302cfdeca9a
            SHA1:ad0e341a060b8e70aedbe56622d872066768dc3a
            SHA256:0d7f81bf5df4bb53947a85f21d0e83dccd3e151b2fbabfc00bd2eb584a273f0b
            SHA512:25d5745c507c6213a45f0353671f2a214ef09b61a2c9250db950894c045f02b42dab7050201d31f027b2fe09c84e59d68fa4835f6ffb008894d4d7976cdbd118
            SSDEEP:24576:pIF6fhKoVz5/QmNMMIrHRBvI4l39sa4On/7oGty:pIF+hKoVz5/PNMxTTgU94Onzvy
            TLSH:F83501987520B58EC857CDB789A81D64AA207C3B530BD20BA14335EDAA1E7DBCF151F3
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....=...............0..0...f......>O... ...`....@.. ....................................@................................

            File Icon

            Icon Hash:66666667e69c310e

            Static PE Info

            General

            Entrypoint:0x504f3e
            Entrypoint Section:.text
            Digitally signed:true
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0xF73DDA15 [Sun Jun 12 13:24:37 2101 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

            Authenticode Signature

            Signature Valid:false
            Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
            Signature Validation Error:The digital signature of the object did not verify
            Error Number:-2146869232
            Not Before, Not After
            • 13/11/2018 01:00:00 09/11/2021 00:59:59
            Subject Chain
            • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
            Version:3
            Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
            Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
            Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
            Serial:7C1118CBBADC95DA3752C46E47A27438

            Entrypoint Preview

            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0x104ee80x53.text
            IMAGE_DIRECTORY_ENTRY_RESOURCE0x1060000x63d0.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x1098000x3608
            IMAGE_DIRECTORY_ENTRY_BASERELOC0x10e0000xc.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x20000x102f440x10300007baad65751a611e13238006d85c9606False0.9374104503499034data7.937755379167963IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rsrc0x1060000x63d00x64004ce3eb3ef56b770d1afc4e0a786808d0False0.3939453125data5.145835842320028IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc0x10e0000xc0x200930651abc969d626117d1e65fe3f156dFalse0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_ICON0x1062800x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 00.2701612903225806
            RT_ICON0x1065680x128Device independent bitmap graphic, 16 x 32 x 4, image size 00.4966216216216216
            RT_ICON0x1066900xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.5439765458422174
            RT_ICON0x1075380x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.6656137184115524
            RT_ICON0x107de00x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.5021676300578035
            RT_ICON0x1083480x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.3157676348547718
            RT_ICON0x10a8f00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.4090056285178236
            RT_ICON0x10b9980x468Device independent bitmap graphic, 16 x 32 x 32, image size 00.5859929078014184
            RT_GROUP_ICON0x10be000x76data0.6440677966101694
            RT_VERSION0x10be780x368data0.4208715596330275
            RT_MANIFEST0x10c1e00x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

            Imports

            DLLImport
            mscoree.dll_CorExeMain

            Network Behavior

            No network behavior found

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:11:46:56
            Start date:03/07/2024
            Path:C:\Users\user\Desktop\PO STS_2184_06_2024.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\PO STS_2184_06_2024.exe"
            Imagebase:0x850000
            File size:1'101'320 bytes
            MD5 hash:F9A3EDAA59E9E93035AEA302CFDECA9A
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            General

            Target ID:3
            Start time:11:47:00
            Start date:03/07/2024
            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            Wow64 process (32bit):true
            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO STS_2184_06_2024.exe"
            Imagebase:0xab0000
            File size:433'152 bytes
            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:4
            Start time:11:47:00
            Start date:03/07/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff66e660000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:5
            Start time:11:47:00
            Start date:03/07/2024
            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Wow64 process (32bit):true
            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
            Imagebase:0x7a0000
            File size:45'984 bytes
            MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2630538405.0000000000D40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2630538405.0000000000D40000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
            Reputation:high
            Has exited:true

            Disassembly

            Reset < >

              Execution Graph

              Execution Coverage:11.9%
              Dynamic/Decrypted Code Coverage:100%
              Signature Coverage:0%
              Total number of Nodes:95
              Total number of Limit Nodes:11
              execution_graph 27581 2ab84a8 27582 2ab84f5 VirtualProtect 27581->27582 27583 2ab8561 27582->27583 27584 2abc9a8 27586 2abc9cf 27584->27586 27585 2abcaac 27586->27585 27588 2abc5f8 27586->27588 27589 2abde60 CreateActCtxA 27588->27589 27591 2abdf66 27589->27591 27594 52b5f58 27595 52b5f9e GetCurrentProcess 27594->27595 27597 52b5fe9 27595->27597 27598 52b5ff0 GetCurrentThread 27595->27598 27597->27598 27599 52b602d GetCurrentProcess 27598->27599 27600 52b6026 27598->27600 27601 52b6063 27599->27601 27600->27599 27602 52b608b GetCurrentThreadId 27601->27602 27603 52b60bc 27602->27603 27592 52b61a0 DuplicateHandle 27593 52b627d 27592->27593 27604 52ba890 27605 52ba928 CreateWindowExW 27604->27605 27607 52baa66 27605->27607 27608 52b3a90 27609 52b3a9f 27608->27609 27612 52b3b78 27608->27612 27620 52b3b88 27608->27620 27613 52b3b99 27612->27613 27614 52b3bbc 27612->27614 27613->27614 27628 52b3e68 27613->27628 27632 52b3e58 27613->27632 27614->27609 27615 52b3bb4 27615->27614 27616 52b3ddd GetModuleHandleW 27615->27616 27617 52b3e1c 27616->27617 27617->27609 27621 52b3b99 27620->27621 27622 52b3bbc 27620->27622 27621->27622 27626 52b3e68 LoadLibraryExW 27621->27626 27627 52b3e58 LoadLibraryExW 27621->27627 27622->27609 27623 52b3bb4 27623->27622 27624 52b3ddd GetModuleHandleW 27623->27624 27625 52b3e1c 27624->27625 27625->27609 27626->27623 27627->27623 27629 52b3e7c 27628->27629 27630 52b3ea1 27629->27630 27636 52b3590 27629->27636 27630->27615 27633 52b3e7c 27632->27633 27634 52b3ea1 27633->27634 27635 52b3590 LoadLibraryExW 27633->27635 27634->27615 27635->27634 27637 52b4088 LoadLibraryExW 27636->27637 27639 52b4144 27637->27639 27639->27630 27640 123d01c 27641 123d034 27640->27641 27642 123d08e 27641->27642 27647 52bab28 27641->27647 27651 52bab26 27641->27651 27655 52b9c8c 27641->27655 27664 52bb948 27641->27664 27648 52bab4e 27647->27648 27649 52b9c8c CallWindowProcW 27648->27649 27650 52bab6f 27649->27650 27650->27642 27652 52bab28 27651->27652 27653 52b9c8c CallWindowProcW 27652->27653 27654 52bab6f 27653->27654 27654->27642 27656 52b9c97 27655->27656 27657 52bb9b9 27656->27657 27659 52bb9a9 27656->27659 27686 52b9db4 27657->27686 27673 52bbbac 27659->27673 27678 52bbae0 27659->27678 27682 52bbad1 27659->27682 27660 52bb9b7 27667 52bb985 27664->27667 27665 52bb9b9 27666 52b9db4 CallWindowProcW 27665->27666 27669 52bb9b7 27666->27669 27667->27665 27668 52bb9a9 27667->27668 27670 52bbbac CallWindowProcW 27668->27670 27671 52bbad1 CallWindowProcW 27668->27671 27672 52bbae0 CallWindowProcW 27668->27672 27670->27669 27671->27669 27672->27669 27674 52bbb6a 27673->27674 27675 52bbbba 27673->27675 27690 52bbb98 27674->27690 27676 52bbb80 27676->27660 27679 52bbaf4 27678->27679 27681 52bbb98 CallWindowProcW 27679->27681 27680 52bbb80 27680->27660 27681->27680 27684 52bbaf4 27682->27684 27683 52bbb80 27683->27660 27685 52bbb98 CallWindowProcW 27684->27685 27685->27683 27687 52b9dbf 27686->27687 27688 52bd09a CallWindowProcW 27687->27688 27689 52bd049 27687->27689 27688->27689 27689->27660 27691 52bbba9 27690->27691 27693 52bcfdf 27690->27693 27691->27676 27694 52b9db4 CallWindowProcW 27693->27694 27695 52bcfea 27694->27695 27695->27691

              Executed Functions

              Function 02AB3598 Relevance: 2.8, Strings: 2, Instructions: 278COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 45 2ab3598-2ab35bd 46 2ab35bf 45->46 47 2ab35c4-2ab3602 call 2ab3b69 45->47 46->47 49 2ab3608 47->49 50 2ab360f-2ab362b 49->50 51 2ab362d 50->51 52 2ab3634-2ab3635 50->52 51->49 53 2ab37cb-2ab37cf 51->53 54 2ab3828-2ab383f 51->54 55 2ab36ef-2ab36fb 51->55 56 2ab364e-2ab365a 51->56 57 2ab38a3-2ab38ba 51->57 58 2ab3682-2ab369a 51->58 59 2ab37a1-2ab37ad 51->59 60 2ab3740-2ab376c 51->60 61 2ab3944-2ab3948 51->61 62 2ab3844-2ab384d 51->62 63 2ab37fb-2ab3807 51->63 64 2ab363a-2ab364c 51->64 65 2ab38d9-2ab38f9 51->65 66 2ab3879-2ab387f 51->66 67 2ab36d8-2ab36ea 51->67 68 2ab38bf-2ab38d4 51->68 69 2ab38fe-2ab390a 51->69 70 2ab3932-2ab393f 51->70 71 2ab3771-2ab3775 51->71 72 2ab3974-2ab397b 51->72 52->64 52->72 85 2ab37e2-2ab37e9 53->85 86 2ab37d1-2ab37e0 53->86 54->50 89 2ab36fd 55->89 90 2ab3702-2ab3718 55->90 73 2ab365c 56->73 74 2ab3661-2ab3680 56->74 57->50 81 2ab369c 58->81 82 2ab36a1-2ab36b7 58->82 79 2ab37af 59->79 80 2ab37b4-2ab37c6 59->80 60->50 83 2ab395b-2ab3962 61->83 84 2ab394a-2ab3959 61->84 91 2ab384f-2ab385e 62->91 92 2ab3860-2ab3867 62->92 87 2ab3809 63->87 88 2ab380e-2ab3823 63->88 64->50 65->50 99 2ab3887-2ab389e 66->99 67->50 68->50 75 2ab390c 69->75 76 2ab3911-2ab392d 69->76 70->50 77 2ab3788-2ab378f 71->77 78 2ab3777-2ab3786 71->78 73->74 74->50 75->76 76->50 95 2ab3796-2ab379c 77->95 78->95 79->80 80->50 81->82 107 2ab36b9 82->107 108 2ab36be-2ab36d3 82->108 96 2ab3969-2ab396f 83->96 84->96 97 2ab37f0-2ab37f6 85->97 86->97 87->88 88->50 89->90 109 2ab371a 90->109 110 2ab371f-2ab373b 90->110 98 2ab386e-2ab3874 91->98 92->98 95->50 96->50 97->50 98->50 99->50 107->108 108->50 109->110 110->50
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: Jr |$Jr |
              • API String ID: 0-2872536042
              • Opcode ID: 4341a4f3ff97f9e8731fae204257111272b0faf6786b378576d6756ef8625d68
              • Instruction ID: 144c4e1ff30dcc56fc079540d126585db5dd39e714467d3ce2d83ced790a7d6a
              • Opcode Fuzzy Hash: 4341a4f3ff97f9e8731fae204257111272b0faf6786b378576d6756ef8625d68
              • Instruction Fuzzy Hash: 6CC13A70E0520ADFCB05DFAAD4958EEFBB6FF88300B119595D415AB315DB34AA82CF90
              Function 04CE2458 Relevance: 1.5, Strings: 1, Instructions: 280COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: !Y3E
              • API String ID: 0-2826621527
              • Opcode ID: 3c48edb3cc083af7df63f09eda18c2ada6ba373fe44be9e9c7db2ee267ee5b07
              • Instruction ID: b2dab99838ede8cb140a09dd264022534f7397a5297e446b2406ce1c29b3d347
              • Opcode Fuzzy Hash: 3c48edb3cc083af7df63f09eda18c2ada6ba373fe44be9e9c7db2ee267ee5b07
              • Instruction Fuzzy Hash: FCA19F34B00204CFDB54DB7AD954B6E7AF7BB88310F25846AE906EB394DF74AD028B41
              Function 02AB1BD0 Relevance: 1.4, Strings: 1, Instructions: 163COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: %f
              • API String ID: 0-2878803276
              • Opcode ID: 346a986a4c492eae9c8c5aee511d44a3b7babc58682d7a5cc8890ec1d0eff5ee
              • Instruction ID: 87e42f8f1c971d5883dc1d6f71d0330ab37598084466c59172a31b8be439fee6
              • Opcode Fuzzy Hash: 346a986a4c492eae9c8c5aee511d44a3b7babc58682d7a5cc8890ec1d0eff5ee
              • Instruction Fuzzy Hash: AC615AB0E046198FDB05CFA5D8906EEFBF2FF89301F24A16AD419B7255D7348A41CB94
              Function 04CE7148 Relevance: 1.4, Strings: 1, Instructions: 120COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: T(z
              • API String ID: 0-3184255237
              • Opcode ID: 338ed636f9e6dbb6d0445952e1e1eff4821eb2be1902e1e858c6b0f243be181e
              • Instruction ID: 9f36b263ce4f2dd5540bcdafdd90b52b6fa41185d47fdad97319b4f2b75d3daa
              • Opcode Fuzzy Hash: 338ed636f9e6dbb6d0445952e1e1eff4821eb2be1902e1e858c6b0f243be181e
              • Instruction Fuzzy Hash: 6B413A35F05315DBEB49CBB789506FFB7B7ABC8204F188436D106AB284DB359E019792
              Function 04CE7158 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: T(z
              • API String ID: 0-3184255237
              • Opcode ID: 65c1c31def0d5ce6daab4a1c3a03980761e1ec089d48ceda0d1a27c60fa141d7
              • Instruction ID: 557bdaaf56caa508dcba7709550bf21e3155ad0f66a9d163dfb56e3cca467d98
              • Opcode Fuzzy Hash: 65c1c31def0d5ce6daab4a1c3a03980761e1ec089d48ceda0d1a27c60fa141d7
              • Instruction Fuzzy Hash: 4B414935F01215DBEB09CBBB89506FFB7B7ABC8600F18C426D106EB244DB359E019792
              Function 02AB34A1 Relevance: .4, Instructions: 353COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b4ebe1a13be5239b0c7e9202ad8fabe41ddcd594c685490465f8180d72092fdd
              • Instruction ID: 2f6b512a539805937f32d0fccfa5a55561767f57e87a66e02d81464aa781ca0f
              • Opcode Fuzzy Hash: b4ebe1a13be5239b0c7e9202ad8fabe41ddcd594c685490465f8180d72092fdd
              • Instruction Fuzzy Hash: 94E16D70D05246DFDB06CFB9D4969EEFFB6FF89200B158195C811AB21ACB34A942CF91
              Function 04CE244F Relevance: .3, Instructions: 305COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ae70b5d7f68e26950698edaddbe4256fb268c207390f05f85280aadf2c2c4db
              • Instruction ID: df0e88d0db58cea4e1c1ecba1d99d0f4f243ecba355182b17f827301bd71df66
              • Opcode Fuzzy Hash: 5ae70b5d7f68e26950698edaddbe4256fb268c207390f05f85280aadf2c2c4db
              • Instruction Fuzzy Hash: 11B18E34B00214CFDB149B7AD954B6DBBF7BB88710F25846AE906DB3A4DB74AD028B41
              Function 04CE2980 Relevance: .3, Instructions: 305COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d9fe86b21dbb5601976f7a8c8bdd57dbb2f9c28e51f2fca97f6df0e82bc9932c
              • Instruction ID: 16633c30f6807af978599cd68cfb664a74d1efa6136df46204d8456006085e10
              • Opcode Fuzzy Hash: d9fe86b21dbb5601976f7a8c8bdd57dbb2f9c28e51f2fca97f6df0e82bc9932c
              • Instruction Fuzzy Hash: C8B1B130B141148BD715CB2AD48167EFBEBEFC6310B5899AAE146EB2A5C770FD41CB50
              Function 02AB12F0 Relevance: .2, Instructions: 239COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 97660b19729cb2369907129d16f1b644c61c75991dc6e16b99334a5459c6723a
              • Instruction ID: 03a511bdbeef1c2e8f682cc6caac468dee788b522963345d7a01844e87960275
              • Opcode Fuzzy Hash: 97660b19729cb2369907129d16f1b644c61c75991dc6e16b99334a5459c6723a
              • Instruction Fuzzy Hash: 35A12774E042498FDB05CFA9C8946DEFFF2BF8A300F14846AC459AB225D7359906CF50
              Function 02AB1378 Relevance: .2, Instructions: 195COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 148b836181b5fe6cf00da8e2155a3d5dc75b6f46cf96acf193c221f3ed2a5090
              • Instruction ID: dcd48178f2cac40bae03b36149901d15e6d2c4bb8bc3eb784836d5854683c0b6
              • Opcode Fuzzy Hash: 148b836181b5fe6cf00da8e2155a3d5dc75b6f46cf96acf193c221f3ed2a5090
              • Instruction Fuzzy Hash: 2A81C3B4E002198FCB04CFAAD594ADEFBB6FF88300F14852AD519AB355DB359942CF54
              Function 04CE25EB Relevance: .2, Instructions: 159COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ba1015d58a45bd5cd98d59630485b811023d6e3eb70730fd77da9a10d6e3668f
              • Instruction ID: 4c304c29824ce81925c233df6364cd2f1956fcdc079a9fee092128361412dcae
              • Opcode Fuzzy Hash: ba1015d58a45bd5cd98d59630485b811023d6e3eb70730fd77da9a10d6e3668f
              • Instruction Fuzzy Hash: 4A519C34B40204DFDB149F76D855BAEBABBBBC8310F248469E506EB794DB759D02CB40
              Function 04CE67B8 Relevance: .1, Instructions: 119COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 78c56842f087aa013e377cfa70269e71c17f90b181e2ada69c1c0a804072c2c0
              • Instruction ID: f86fd877ee715264132f5dc6475c2b5adb652f53d97501db48fedd24d297fad4
              • Opcode Fuzzy Hash: 78c56842f087aa013e377cfa70269e71c17f90b181e2ada69c1c0a804072c2c0
              • Instruction Fuzzy Hash: 7541D335B14119EBCB04CFAAC8819BEFBB7EF98254B94842AE501AB350D731AD12D781
              Function 04CE67C8 Relevance: .1, Instructions: 113COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 04fabd87702c1b0c5d61179bddacb46c2f2546ca8aa74c327d072ac3ebe19b51
              • Instruction ID: 235b6a6ad88c62e5d594f3356f047b4c005bb02e6b2dbcedc06016eb90b16134
              • Opcode Fuzzy Hash: 04fabd87702c1b0c5d61179bddacb46c2f2546ca8aa74c327d072ac3ebe19b51
              • Instruction Fuzzy Hash: 2B411635B14119EBCB04CFAAC4818BEFBB7EF98254B94442AE901EB350D731ED12D781
              Function 04CE569D Relevance: .1, Instructions: 100COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9d983d7d5b516e323e0c8f788d61a06964b7b0cabaa6e502e78899daf7fa4340
              • Instruction ID: e635b6993ddedd262156107a1bc62e1051da8511d91e22c0ca1c31fad3055d31
              • Opcode Fuzzy Hash: 9d983d7d5b516e323e0c8f788d61a06964b7b0cabaa6e502e78899daf7fa4340
              • Instruction Fuzzy Hash: A2419CB4D11308DFDB10DFEAD584BAEBBF1AB09714F20902AE418BB250D775A945CF58
              Function 04CE1AA0 Relevance: .1, Instructions: 97COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4956ec6b03b2d9260c16e641096c40b15baaa8c68c9bbad3334a4d783ecbf775
              • Instruction ID: 31c56922afeca3f43ee979fd85e8123f9892629c4cc7dd9c9dd99a136663a16a
              • Opcode Fuzzy Hash: 4956ec6b03b2d9260c16e641096c40b15baaa8c68c9bbad3334a4d783ecbf775
              • Instruction Fuzzy Hash: D6419AB4D11308EFDB10DFEAC584BAEBBF1AB09714F20902AE514BB250D774A944CF58
              Function 02AB2671 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4e93047e049aaa5b9f8897a4754517e29f70005c1103eda988715ce304b24a4c
              • Instruction ID: 43c1e75e45872fe10548ba4aee074f8fdc637484781cdfb23ba2d92da931fdd7
              • Opcode Fuzzy Hash: 4e93047e049aaa5b9f8897a4754517e29f70005c1103eda988715ce304b24a4c
              • Instruction Fuzzy Hash: EF312A71E006588BDB18CFAAD8447DEFBF6EFC9300F14C1AAD409AA264DB751946CF50
              Function 04CEACE0 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6f272724c3f472abce023b46c417dc97de28f1b1883331a86d6ceee73757f761
              • Instruction ID: 1ed8705dc61e31dfe2028ee1d658b9dbf9c762c25d30c200fe51e9862a89c9de
              • Opcode Fuzzy Hash: 6f272724c3f472abce023b46c417dc97de28f1b1883331a86d6ceee73757f761
              • Instruction Fuzzy Hash: DB2107B1D086188BEB18CFA7D8457EEBBF7AFC9300F08C02AC40966254EB7519468F90
              Function 04CEACF0 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9130454c3c88321410177db4c2d73691f5e2feec2c4ab15b24bc4174741c4b87
              • Instruction ID: aa239ba15e15b45dc5661a25f9a4431e946f8ccc081b47a2109d5700722442c0
              • Opcode Fuzzy Hash: 9130454c3c88321410177db4c2d73691f5e2feec2c4ab15b24bc4174741c4b87
              • Instruction Fuzzy Hash: 9C21C7B1E046188BEB18CF97D9457EEFAF7BFC9300F18C06AD40966254EB7519458F90
              Function 052B5F49 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • GetCurrentProcess.KERNEL32 ref: 052B5FD6
              • GetCurrentThread.KERNEL32 ref: 052B6013
              • GetCurrentProcess.KERNEL32 ref: 052B6050
              • GetCurrentThreadId.KERNEL32 ref: 052B60A9
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: Current$ProcessThread
              • String ID:
              • API String ID: 2063062207-0
              • Opcode ID: 331c17defb91d932e1bba610df95f6a204ca74b648e13598b8c94101482600a4
              • Instruction ID: 7f10b13734b0544867cc004bf60aa1b2f7efcced589093da74f8cccf541c80ef
              • Opcode Fuzzy Hash: 331c17defb91d932e1bba610df95f6a204ca74b648e13598b8c94101482600a4
              • Instruction Fuzzy Hash: 0D5146B09113098FEB14CFAAD548BDEBBF1BF88314F208459E419A7390DBB46944CB65
              Function 052B5F58 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
              Download Yara Rule

              Control-flow Graph

              APIs
              • GetCurrentProcess.KERNEL32 ref: 052B5FD6
              • GetCurrentThread.KERNEL32 ref: 052B6013
              • GetCurrentProcess.KERNEL32 ref: 052B6050
              • GetCurrentThreadId.KERNEL32 ref: 052B60A9
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: Current$ProcessThread
              • String ID:
              • API String ID: 2063062207-0
              • Opcode ID: eb2a1565f9e6e5334b89443c1472f1ae3242cec4314b74b813361c1938c52a30
              • Instruction ID: 148077a27778f4aba3f79a7bb7c6f4ee6ea3e581254c3966b1e63b535c625053
              • Opcode Fuzzy Hash: eb2a1565f9e6e5334b89443c1472f1ae3242cec4314b74b813361c1938c52a30
              • Instruction Fuzzy Hash: 875145B091020A8FEB14CFAAD548BDEBBF1BF88314F20845DE419A7390DBB46944CB65
              Function 052B3B88 Relevance: 1.7, APIs: 1, Instructions: 227COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 425 52b3b88-52b3b97 426 52b3b99-52b3ba6 call 52b352c 425->426 427 52b3bc3-52b3bc7 425->427 434 52b3ba8 426->434 435 52b3bbc 426->435 428 52b3bdb-52b3c1c 427->428 429 52b3bc9-52b3bd3 427->429 436 52b3c29-52b3c37 428->436 437 52b3c1e-52b3c26 428->437 429->428 482 52b3bae call 52b3e68 434->482 483 52b3bae call 52b3e58 434->483 435->427 438 52b3c5b-52b3c5d 436->438 439 52b3c39-52b3c3e 436->439 437->436 441 52b3c60-52b3c67 438->441 442 52b3c49 439->442 443 52b3c40-52b3c47 call 52b3538 439->443 440 52b3bb4-52b3bb6 440->435 444 52b3cf8-52b3dc9 440->444 447 52b3c69-52b3c71 441->447 448 52b3c74-52b3c7b 441->448 445 52b3c4b-52b3c59 442->445 443->445 476 52b3dcb-52b3dda 444->476 477 52b3ddd-52b3e1a GetModuleHandleW 444->477 445->441 447->448 449 52b3c88-52b3c91 call 52b3548 448->449 450 52b3c7d-52b3c85 448->450 456 52b3c9e-52b3ca3 449->456 457 52b3c93-52b3c9b 449->457 450->449 459 52b3cc1-52b3cce 456->459 460 52b3ca5-52b3cac 456->460 457->456 465 52b3cf1-52b3cf7 459->465 466 52b3cd0-52b3cee 459->466 460->459 461 52b3cae-52b3cbe call 52b3558 call 52b3568 460->461 461->459 466->465 476->477 478 52b3e1c-52b3e22 477->478 479 52b3e23-52b3e51 477->479 478->479 482->440 483->440
              APIs
              • GetModuleHandleW.KERNELBASE(?), ref: 052B3E0A
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: ecdb6f1dd4ef082404e9016917c71c6db31683cdf9527a114bfd396381b5ae71
              • Instruction ID: 98e4f477c81ef7eb2fd6a7acc360529ddef803d25ccdfeadeb88dc7b6f812c3d
              • Opcode Fuzzy Hash: ecdb6f1dd4ef082404e9016917c71c6db31683cdf9527a114bfd396381b5ae71
              • Instruction Fuzzy Hash: 4E912570A107099FEB24CF69D444B9ABBF2FF48340F10892AE44AE7750D7B4E945CB94
              Function 052BA88A Relevance: 1.7, APIs: 1, Instructions: 158COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 484 52ba88a-52ba926 486 52ba928-52ba93a 484->486 487 52ba93d-52ba948 484->487 486->487 488 52ba94a-52ba959 487->488 489 52ba95c-52ba9bc 487->489 488->489 491 52ba9c4-52baa64 CreateWindowExW 489->491 492 52baa6d-52baa9a 491->492 493 52baa66-52baa6c 491->493 493->492
              APIs
              • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 052BAA51
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: CreateWindow
              • String ID:
              • API String ID: 716092398-0
              • Opcode ID: 182061c304b9787bc11bebf5b567a78e1c231ecf04ebe6d9d1f3d4607a4e00ef
              • Instruction ID: 6f07edb0ce9bc68c88ecd993231df38c1aad066d68a9686db737e506b723dfe2
              • Opcode Fuzzy Hash: 182061c304b9787bc11bebf5b567a78e1c231ecf04ebe6d9d1f3d4607a4e00ef
              • Instruction Fuzzy Hash: 4C6168B4D042589FDF20CFA9D984ADDBBB1BF09300F14A1AAE958A7211D770AA85CF54
              Function 052BA890 Relevance: 1.7, APIs: 1, Instructions: 155COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 496 52ba890-52ba926 497 52ba928-52ba93a 496->497 498 52ba93d-52ba948 496->498 497->498 499 52ba94a-52ba959 498->499 500 52ba95c-52baa64 CreateWindowExW 498->500 499->500 503 52baa6d-52baa9a 500->503 504 52baa66-52baa6c 500->504 504->503
              APIs
              • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 052BAA51
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: CreateWindow
              • String ID:
              • API String ID: 716092398-0
              • Opcode ID: ef37a5a52f543e3d58d8bf0f6de61b47fd9f2d44471ac12a5c49018413525db5
              • Instruction ID: e501e5eff675c91dc620e5ef365c2d3c34c0f89855b7797fc9b8372084ab32a3
              • Opcode Fuzzy Hash: ef37a5a52f543e3d58d8bf0f6de61b47fd9f2d44471ac12a5c49018413525db5
              • Instruction Fuzzy Hash: 5C6167B4D042189FDB20CFA9D984ADDBBB1BF09300F14A1AAE958A7211D770AA85CF54
              Function 02ABC5F8 Relevance: 1.6, APIs: 1, Instructions: 126COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 507 2abc5f8-2abdf64 CreateActCtxA 512 2abdf6d-2abdff2 507->512 513 2abdf66-2abdf6c 507->513 522 2abe01f-2abe027 512->522 523 2abdff4-2abe017 512->523 513->512 523->522
              APIs
              • CreateActCtxA.KERNEL32(?), ref: 02ABDF51
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: c280c06befe415aeec92c8de9caffe712707788e6b7bbed79e4ffc619b1d8b02
              • Instruction ID: 4f5071907455b6ae36e4e140f12360f9b170704118fac59478699e92183b1117
              • Opcode Fuzzy Hash: c280c06befe415aeec92c8de9caffe712707788e6b7bbed79e4ffc619b1d8b02
              • Instruction Fuzzy Hash: 1551E371D0461DCFDB21CFA8C984BDEBBF5AF49300F1080AAD509AB251DB716A89CF91
              Function 052B6199 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 527 52b6199-52b619e 528 52b61a0-52b627b DuplicateHandle 527->528 529 52b627d-52b6283 528->529 530 52b6284-52b62c4 528->530 529->530
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 052B626B
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 1fa23b408126aabd145fc9f47b8e93f7ba719489a9ea5a32e66c06916d1983c6
              • Instruction ID: 87cdd9aaff6ecd9bbe116b50629cfee3a1d529f2316335c0ce454c388c852e10
              • Opcode Fuzzy Hash: 1fa23b408126aabd145fc9f47b8e93f7ba719489a9ea5a32e66c06916d1983c6
              • Instruction Fuzzy Hash: AD4154B9D002599FDF00CFA9D984ADEBBF5BF09310F24902AE918AB210D375A955CF54
              Function 052B61A0 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 534 52b61a0-52b627b DuplicateHandle 535 52b627d-52b6283 534->535 536 52b6284-52b62c4 534->536 535->536
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 052B626B
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 30887b1e840f5814cdaa354d3c1d292d6b366eecf9c051fdc36b0daee996af68
              • Instruction ID: 138c04fb586f2f8f52c803d80817139ad5baf57548aa94cc8be9a89e4351570b
              • Opcode Fuzzy Hash: 30887b1e840f5814cdaa354d3c1d292d6b366eecf9c051fdc36b0daee996af68
              • Instruction Fuzzy Hash: 764153B9D002599FDF00CFA9D984ADEBBF5BF09310F24902AE918AB310D375A955CF94
              Function 02AB84A0 Relevance: 1.6, APIs: 1, Instructions: 99memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 540 2ab84a0-2ab855f VirtualProtect 543 2ab8568-2ab85a4 540->543 544 2ab8561-2ab8567 540->544 544->543
              APIs
              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02AB854F
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: ProtectVirtual
              • String ID:
              • API String ID: 544645111-0
              • Opcode ID: 809028dc35f017aa51ea32283996874b2847f257e3433973ffb265f6456ffff4
              • Instruction ID: f9f18a8eb692f2d53c2cd70a094d1c31334b19102bd73e3e8a1967e2a2ba9462
              • Opcode Fuzzy Hash: 809028dc35f017aa51ea32283996874b2847f257e3433973ffb265f6456ffff4
              • Instruction Fuzzy Hash: 3F31B9B5D002589FCB00CFA9D480ADEFBF5BF49310F24902AE814B7210D775AA45CF64
              Function 052B4080 Relevance: 1.6, APIs: 1, Instructions: 99libraryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 547 52b4080-52b40dc 549 52b40de-52b40ed 547->549 550 52b40f0-52b4142 LoadLibraryExW 547->550 549->550 551 52b414b-52b4189 550->551 552 52b4144-52b414a 550->552 552->551
              APIs
              • LoadLibraryExW.KERNELBASE(?,?,?), ref: 052B4132
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0
              • Opcode ID: 2903f19811c02e40855cfd4ede478ac0152996216911bc75e6c2f1429ea686c3
              • Instruction ID: 484b84c8ebd8fe596b2c688f29561e1a698bdfc94528be61c02bbf224d76c7b2
              • Opcode Fuzzy Hash: 2903f19811c02e40855cfd4ede478ac0152996216911bc75e6c2f1429ea686c3
              • Instruction Fuzzy Hash: 1D4188B8D002599FDF10CFA9D884ADEFBF1BB49310F14902AE918B7210D374A946CF94
              Function 052B3590 Relevance: 1.6, APIs: 1, Instructions: 97libraryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 556 52b3590-52b40dc 558 52b40de-52b40ed 556->558 559 52b40f0-52b4142 LoadLibraryExW 556->559 558->559 560 52b414b-52b4189 559->560 561 52b4144-52b414a 559->561 561->560
              APIs
              • LoadLibraryExW.KERNELBASE(?,?,?), ref: 052B4132
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: LibraryLoad
              • String ID:
              • API String ID: 1029625771-0
              • Opcode ID: 5fa57d88dcf6e50da681fe563d4aca21fbf907c21256d42cef4b05c739cc08a4
              • Instruction ID: 9c31b3c9088c6519fec5d2187b54430830e8b985b86b9ed6fec17addfc3b854f
              • Opcode Fuzzy Hash: 5fa57d88dcf6e50da681fe563d4aca21fbf907c21256d42cef4b05c739cc08a4
              • Instruction Fuzzy Hash: 594197B4D142589FDF10CFA9D884A9EFBF1BB08310F14902AE818B7210D374A945CF94
              Function 052B9DB4 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 565 52b9db4-52bd03c 568 52bd0ec-52bd10c call 52b9c8c 565->568 569 52bd042-52bd047 565->569 577 52bd10f-52bd11c 568->577 570 52bd09a-52bd0d2 CallWindowProcW 569->570 571 52bd049-52bd080 569->571 573 52bd0db-52bd0ea 570->573 574 52bd0d4-52bd0da 570->574 579 52bd089-52bd098 571->579 580 52bd082-52bd088 571->580 573->577 574->573 579->577 580->579
              APIs
              • CallWindowProcW.USER32(?,?,?,?,?), ref: 052BD0C1
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: CallProcWindow
              • String ID:
              • API String ID: 2714655100-0
              • Opcode ID: 6ecec6a8c0a69d772022661e5f813d9e2cfd6c38359cb00d6dd3fa690f0d4e14
              • Instruction ID: 922726e3d6c5d2c00c425bc26bc9a6b21cd1ced218a572cb83b5a7c8fadfb5e0
              • Opcode Fuzzy Hash: 6ecec6a8c0a69d772022661e5f813d9e2cfd6c38359cb00d6dd3fa690f0d4e14
              • Instruction Fuzzy Hash: 3F4129B5910305CFDB14DF99C488BEABBF5FF88314F248859D519A7321D7B5A841CBA0
              Function 02AB84A8 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 582 2ab84a8-2ab855f VirtualProtect 584 2ab8568-2ab85a4 582->584 585 2ab8561-2ab8567 582->585 585->584
              APIs
              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02AB854F
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: ProtectVirtual
              • String ID:
              • API String ID: 544645111-0
              • Opcode ID: 74ba1bf50b5be4f4bd69ce5b45554ad294b15a444395f43bb16fdbc6ec120617
              • Instruction ID: e9a2c4bd7d6dbec620f9cc4116a351719f30f46c78879bc2201725c94a60db5b
              • Opcode Fuzzy Hash: 74ba1bf50b5be4f4bd69ce5b45554ad294b15a444395f43bb16fdbc6ec120617
              • Instruction Fuzzy Hash: 893179B9D042589FCB10CFA9D584ADEFBF5BF49310F24902AE818B7210D775A945CF64
              Function 052B3D78 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
              Download Yara Rule
              APIs
              • GetModuleHandleW.KERNELBASE(?), ref: 052B3E0A
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 8d5c8ea5d1f6393001dc1d1813388bc98c608f12e82d7e9ba75c672a1bafb98a
              • Instruction ID: 97811c60c7f09c44759e2e48492e734991d3cd4cb8eaa45ab7adbe3f3a21eed9
              • Opcode Fuzzy Hash: 8d5c8ea5d1f6393001dc1d1813388bc98c608f12e82d7e9ba75c672a1bafb98a
              • Instruction Fuzzy Hash: AB3196B5D002499FDB14CFAAD484ADEFBF5AF49310F14906AE818B7320D375A945CFA4
              Function 04CEB7BC Relevance: 1.3, Strings: 1, Instructions: 28COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: r
              • API String ID: 0-1812594589
              • Opcode ID: 7dddb7686491bc389ebcbe0f6dcd8047509878be658ffe3e663ba7038a5b111d
              • Instruction ID: 882305232eaf32b0b870062c21cebcb83ae3107e76caad5cdc46aaf7f69370ed
              • Opcode Fuzzy Hash: 7dddb7686491bc389ebcbe0f6dcd8047509878be658ffe3e663ba7038a5b111d
              • Instruction Fuzzy Hash: 45F0F870A08245CBC724DB47D0855BDBBBBBB4E321B18A145C50AA6216F730BC83DB90
              Function 04CE2038 Relevance: .2, Instructions: 228COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dfb77bda7f06853de3588c64b9936ceff27fb1de12fe3fbfffa4be3a6b055e76
              • Instruction ID: a06ed65361acecdbb565c18e106dcb2b47b12e89b9615f8c1c492cb409b66c91
              • Opcode Fuzzy Hash: dfb77bda7f06853de3588c64b9936ceff27fb1de12fe3fbfffa4be3a6b055e76
              • Instruction Fuzzy Hash: B7917475A002199FCB05DFA5C5805BEB7F6FF89310B1484AAE904EB351E735EE06CB91
              Function 04CE1AB1 Relevance: .2, Instructions: 203COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8f4f4d7cabcca0263c4344eb7eafa8c4b7f436010f0b1a801294adeb06f253dc
              • Instruction ID: e358b840440f6dc8ca409f893cdc53ac8b89f6be649ca11873ad20709edfe020
              • Opcode Fuzzy Hash: 8f4f4d7cabcca0263c4344eb7eafa8c4b7f436010f0b1a801294adeb06f253dc
              • Instruction Fuzzy Hash: 7D814774600A00DFC709EB38D454AAEBBE6FFC9300B11896DD51A9B364EF35AD46CB91
              Function 04CE1AC0 Relevance: .2, Instructions: 196COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bb58986b9aed6ce1482a043b0745b61ec708e88b8112c07eebe3b5712071988d
              • Instruction ID: 966ea3c92e4756c3de00be5adadfd61b6278f53b0003ac06dcd95e80fa8a5ce8
              • Opcode Fuzzy Hash: bb58986b9aed6ce1482a043b0745b61ec708e88b8112c07eebe3b5712071988d
              • Instruction Fuzzy Hash: F0812574600A00DFC709EF38C454AAABBE6FF89300B51896DD51A9B364EF35AD46CB91
              Function 04CE9EF0 Relevance: .2, Instructions: 178COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: edc50795f161acb4f669754bc3a18df64bc9d42c60343854fb9a8766f59ce0dc
              • Instruction ID: 3ed28c92f626e52f5725ba7b9a5eea4321a209f66e2d255b8a26fb352171a6a2
              • Opcode Fuzzy Hash: edc50795f161acb4f669754bc3a18df64bc9d42c60343854fb9a8766f59ce0dc
              • Instruction Fuzzy Hash: D661E6B4E04218CFDB04CFAAC8846EEBBF6BF89300F149029D51AAB355E7356946DF50
              Function 04CE19DC Relevance: .2, Instructions: 160COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4f9b1be1e595ce214740778e781b40dd4349c8fe3a14a9c28a59aa67701047aa
              • Instruction ID: ae02421e6a02f11244eabb05550a04c8268ae6b607f9b25cddc6bac3fe9fd5c0
              • Opcode Fuzzy Hash: 4f9b1be1e595ce214740778e781b40dd4349c8fe3a14a9c28a59aa67701047aa
              • Instruction Fuzzy Hash: B251C031B002069FDB14EBB9984497EBBF7FFC4264B148929E419DB391DF70AD068790
              Function 04CE3540 Relevance: .2, Instructions: 152COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9188bacbe740872865a15f31ae61120edd33ac857789bffe19d38d54b6cbf9e
              • Instruction ID: fd808d7de957ec21a54ddc8687c26cd1168a5be2529d2abbae9cedb4e9f41c72
              • Opcode Fuzzy Hash: a9188bacbe740872865a15f31ae61120edd33ac857789bffe19d38d54b6cbf9e
              • Instruction Fuzzy Hash: B3512674A09259EFCB00CFAAE4848FEBBB6FB4D310F055495E816A7321E734B951DB60
              Function 04CE5374 Relevance: .2, Instructions: 151COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fbe7a8d1f37b5822035c82f1a6d95ef37364c4d453705aac500a060ed3b13e36
              • Instruction ID: 3246757dccec354768cc58b656e1fbc0c38590e7c78eef10869cc64bc4341a99
              • Opcode Fuzzy Hash: fbe7a8d1f37b5822035c82f1a6d95ef37364c4d453705aac500a060ed3b13e36
              • Instruction Fuzzy Hash: F951BEB5E00208AFDF04CFA9D984ADEBBF6EB49310F14902AE819B7310D775A941DB64
              Function 04CE338F Relevance: .1, Instructions: 141COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1aa5132d6320793edc32e11c9b08bec7d035780b71783e327e9a6717823ee689
              • Instruction ID: e41ee80e3efafafac30a5175c30e15b6fd598cecd39a58e390a5e6ebfae10c12
              • Opcode Fuzzy Hash: 1aa5132d6320793edc32e11c9b08bec7d035780b71783e327e9a6717823ee689
              • Instruction Fuzzy Hash: A451D4745096C5DFD306DB6AE554A94BFF1BF4A210F2A80C2C884DB2B3C734AD06CB12
              Function 04CE2649 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 818eaed92def1019de08fe0b7596169324d83db27949093e1b656f860f27836c
              • Instruction ID: 26d9d6695d80dfd782e06d7537d38cec86392c5bc26e7c8c3022d74893658afa
              • Opcode Fuzzy Hash: 818eaed92def1019de08fe0b7596169324d83db27949093e1b656f860f27836c
              • Instruction Fuzzy Hash: C9518A34B01204DFDB149FB6D855BAEBAB7BBC8710F248069E902EB794DA759C028B50
              Function 04CE2683 Relevance: .1, Instructions: 136COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f822174addf13f634d6916c05014418bef4c20b9a6c0c8e78614265e91350009
              • Instruction ID: 3a00f9e2d64f0f7e6183a2227f7816cb5feca5f9d9a5b1562601673caea75948
              • Opcode Fuzzy Hash: f822174addf13f634d6916c05014418bef4c20b9a6c0c8e78614265e91350009
              • Instruction Fuzzy Hash: EE419C34B01204DFDB149B76D855BAEBAB7BBC8310F248469E902EB794DA75AC028B50
              Function 04CE533C Relevance: .1, Instructions: 124COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b53de99900dd86e4cd1cfe29e327d5ac1c4256f7487832bd39dc0c3952b34aac
              • Instruction ID: 5f4e232b6c3f3b715ca505857b5f87655f2449629797f27f74bacc3dee3b0cf6
              • Opcode Fuzzy Hash: b53de99900dd86e4cd1cfe29e327d5ac1c4256f7487832bd39dc0c3952b34aac
              • Instruction Fuzzy Hash: A83108A17143146BDB19BA7E841427F7ADBDFD8544B54483AE906CB380EF28EE0283E5
              Function 04CED1BD Relevance: .1, Instructions: 122COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b972b6c9052e7652b5afcc37b749a0b88ca82ca87e704ded561f0817be7af10e
              • Instruction ID: 748bac94f7d7cc951b8f80867430ab3be60a808a077345ab0ad5912ddce9fa47
              • Opcode Fuzzy Hash: b972b6c9052e7652b5afcc37b749a0b88ca82ca87e704ded561f0817be7af10e
              • Instruction Fuzzy Hash: 49516178A10219CFDB24DFA5D9456ADBBFAFB8C300F509159E40AAB395EB345D42CF10
              Function 04CE3550 Relevance: .1, Instructions: 117COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1635c69df787a8cd041f54f9e5a5f7f1c2a4664b37e52149f61401c466af5b8b
              • Instruction ID: 17183367088f6bf41724408947f10620e9e9aff3b11b101f285ffde0416fc005
              • Opcode Fuzzy Hash: 1635c69df787a8cd041f54f9e5a5f7f1c2a4664b37e52149f61401c466af5b8b
              • Instruction Fuzzy Hash: 2C41F474E09259EFCB00DFAAE4848FEBBB6FB4D210F055855E856A7320E730B951DB24
              Function 04CE3E13 Relevance: .1, Instructions: 108COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c2827c761d4e8b86a2ba0bb248e67fa1942fe24b306b77169f14666f17e5dd9d
              • Instruction ID: 7d5af650ef5ad5081be15a5b6e097d962f9da166a3b8a0f7a75af3d382a8fc82
              • Opcode Fuzzy Hash: c2827c761d4e8b86a2ba0bb248e67fa1942fe24b306b77169f14666f17e5dd9d
              • Instruction Fuzzy Hash: 6041AC74E042699FCB15DFAAD884AEDBBF2FB09300F109465E815F7260D735A941DF14
              Function 04CEA688 Relevance: .1, Instructions: 107COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e72f81ec6f740dd674e122138e885678d6174ce15e29e0ae9b92705a3908bf18
              • Instruction ID: 62ee0479bd70008173f52881df25c40e180f230f7b479271405f63383abe0430
              • Opcode Fuzzy Hash: e72f81ec6f740dd674e122138e885678d6174ce15e29e0ae9b92705a3908bf18
              • Instruction Fuzzy Hash: 163137B4E08209CFDB08CF97D9406BEBBF7BB89301F18D169D419A7251E7356A42DB50
              Function 04CE5384 Relevance: .1, Instructions: 107COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 380f85bb40fd7dcd298d7aae5852f13dfca262cb80f66d4a8dfe78ff333de170
              • Instruction ID: 5d5d41d27ff1479ff565c7da0d8d13728953cb5bf7ab695b6a56e49371662d23
              • Opcode Fuzzy Hash: 380f85bb40fd7dcd298d7aae5852f13dfca262cb80f66d4a8dfe78ff333de170
              • Instruction Fuzzy Hash: 514179B9E042489FCF00CFA9D584A9EFBF5BB19310F14902AE918B7310D375A945CF64
              Function 04CE36CE Relevance: .1, Instructions: 104COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32ac2bdb4f69594b0154c3bf2f52a02e1f7b85bfb7669300680280164c4be9fb
              • Instruction ID: 0cd27e85fcf04857401ef40c60ad2fd41f70c008c9d70eb3ec45045d27ab25d0
              • Opcode Fuzzy Hash: 32ac2bdb4f69594b0154c3bf2f52a02e1f7b85bfb7669300680280164c4be9fb
              • Instruction Fuzzy Hash: 1541DE74E09259EFCB00DFAAE4858BDBBB6FB4D210F055855E856A7320E730B9119F20
              Function 04CE376A Relevance: .1, Instructions: 99COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2459d717dfd0526e3ed836f1846e603094a60e17ce14cefb1890e0e72c7f2d7a
              • Instruction ID: 25157e4b6a0a6213bf88d51feafdfeaf4d7c72afdd613c9e8c2d6d44201096cf
              • Opcode Fuzzy Hash: 2459d717dfd0526e3ed836f1846e603094a60e17ce14cefb1890e0e72c7f2d7a
              • Instruction Fuzzy Hash: D331F8B5E05289DFCB00CFAAD9818BDBBB5FB09310F149456DC16AB321E334B901DB50
              Function 04CEA678 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f7d38fd7f513c9c1ad03b98d44b332ed53ed12dedc08eda5b5bd298c6b9a69c1
              • Instruction ID: 4c3c5c1e99f8d9d575bcaed4840b21fb828c1b714f6e67402a0415a1c048a126
              • Opcode Fuzzy Hash: f7d38fd7f513c9c1ad03b98d44b332ed53ed12dedc08eda5b5bd298c6b9a69c1
              • Instruction Fuzzy Hash: C4313AB5E08248CFDB08CFA7D8046BEBBF7AB89301F18D06AD419A7251E7755A41DB50
              Function 04CE2037 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b257f6f3c4aa23353c02fe0dd11d36336aca0001c05810af2089f1f4bb9bb24f
              • Instruction ID: 6a9f0375d7560ff8925e3ca7a9529d90dd2b78bb50dee794ba392fee9bf048f9
              • Opcode Fuzzy Hash: b257f6f3c4aa23353c02fe0dd11d36336aca0001c05810af2089f1f4bb9bb24f
              • Instruction Fuzzy Hash: 393170356001098FDB15DFA5C984AEE7BF6FF49300F5580A9E905AB361DB36EE05CB90
              Function 04CED244 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5c99c02c732da1181c48e415fd0678c195d155017822981e5dbde08468c2302b
              • Instruction ID: efa861738d307ba7e98080931964760d4fecb9ce8cbb920528c48f445785ac8e
              • Opcode Fuzzy Hash: 5c99c02c732da1181c48e415fd0678c195d155017822981e5dbde08468c2302b
              • Instruction Fuzzy Hash: 48417378A00219CFDB10DFA5E5855ADBBFAFB88304F509159E40AAF351DB34AD42CF50
              Function 04CE9EE0 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3590dde5e22890e72707bd50b0733e758b43b759d52a2c3795f0084ccb40fcaa
              • Instruction ID: 843cab47d982e3c2432bb68c00101e275772daf27aacabe3af4b3d1224586c47
              • Opcode Fuzzy Hash: 3590dde5e22890e72707bd50b0733e758b43b759d52a2c3795f0084ccb40fcaa
              • Instruction Fuzzy Hash: 6D31F7B4E042489FDB04DFA6C9447AEBBF7BF89300F14902AD41AAB354EB755906CB50
              Function 04CED1A2 Relevance: .1, Instructions: 83COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3d7a2fb001075b869ba6654a19aa4b9b046fea51a23f99500867553050dd36a
              • Instruction ID: 3ad148169142e9d8e18102efd2595a82f5a78fd398ae977cfb99ee6262467c8a
              • Opcode Fuzzy Hash: a3d7a2fb001075b869ba6654a19aa4b9b046fea51a23f99500867553050dd36a
              • Instruction Fuzzy Hash: 81316378A04219CFCB20DFA5E5856ADBBFAFB8C301F505159E40AAB395EB346D42CF50
              Function 0122D4C4 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186179147.000000000122D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0122D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_122d000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 377ae867648fbeebefc979d4a02f2c2968e2273fb5c36699153c2d279818ca06
              • Instruction ID: 2a1c0c5e919f4995a4e5c92dc3df04fdc3aaf27212b2f08608120e57dac28f44
              • Opcode Fuzzy Hash: 377ae867648fbeebefc979d4a02f2c2968e2273fb5c36699153c2d279818ca06
              • Instruction Fuzzy Hash: 8F214572514248EFDB15DF54E9C0B2ABF61FB88318F20C56DEA090B256C3B6D466CAA1
              Function 04CE1D80 Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1aa2857936a028fdbd1309b965082a50c5b8ca5855bbaf3ff8ed4538073b16f7
              • Instruction ID: 4a2b78d9b4e61fd5bc4c321abc4a5275ea70d86583a5c7a531a3591210170e12
              • Opcode Fuzzy Hash: 1aa2857936a028fdbd1309b965082a50c5b8ca5855bbaf3ff8ed4538073b16f7
              • Instruction Fuzzy Hash: 28219D75A007518BD714CB69C8809BBBBF9FF88B00B00856DE9199B710E730ED05C7E1
              Function 0123D1D4 Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186226420.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_123d000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 475f098f09848b3dda257c91ec9491df7eb815ca582310014b211b4499c3590a
              • Instruction ID: 4ace7875a41dafe4654625e92cefd4eaed4c5b5b0d1f5a30005b4fdc1d7709c9
              • Opcode Fuzzy Hash: 475f098f09848b3dda257c91ec9491df7eb815ca582310014b211b4499c3590a
              • Instruction Fuzzy Hash: 852146B5524308EFDB05DFA4D9C0B26BBA1FBC4324F60C56DEA094B253C7B6D806CA61
              Function 0123D01C Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186226420.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_123d000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 275b39508224338c2dd5448ce2abca3cd09705ad0d273cabe3bdc9554f8c7056
              • Instruction ID: 0676a2944afcee50e28b0ef1330cdc1c50949d4ff99ff182392b54bd43a7f48e
              • Opcode Fuzzy Hash: 275b39508224338c2dd5448ce2abca3cd09705ad0d273cabe3bdc9554f8c7056
              • Instruction Fuzzy Hash: AF2100B5614208EFDB15DF64D9C0B26FB65FBC4B14F60C56DEA0A0B252C37AD406CA61
              Function 04CEB718 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 11600bcef73ffd977368a829965c0fc16b0a9741619f23833bc6d9b6bf553bd9
              • Instruction ID: ec0f4774e2fdb4e44cff121b1d5be654612194512daecaac0cfe92aa5d6ac059
              • Opcode Fuzzy Hash: 11600bcef73ffd977368a829965c0fc16b0a9741619f23833bc6d9b6bf553bd9
              • Instruction Fuzzy Hash: BB219DB1E092148FDB08DF6AD8815FDBBF6FB89301F149429E406AB711EB30A943CB50
              Function 04CE9F5F Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 11a0b70d3f6b3489d4e961cf0b64340ab8ac0432a55cf9647d6ae46bbc3298cc
              • Instruction ID: 78886bf3b2073bf2ec6b208925d9317af30d9c46ced5a1a75ad8fce1651cce35
              • Opcode Fuzzy Hash: 11a0b70d3f6b3489d4e961cf0b64340ab8ac0432a55cf9647d6ae46bbc3298cc
              • Instruction Fuzzy Hash: 322190B4E04219CFCB04CFEAD9809EDBBF6BB88300F14812AD919A7355D732A946DF50
              Function 04CEE660 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 49fc57983c011b81e838be8e8ee321d720a0a2bcec79b89bdf88c6daa213d7d1
              • Instruction ID: fcc22fb4e6986ab889091557228b2d647ef4d7cbbe7cf5dcdb30ee69697a7547
              • Opcode Fuzzy Hash: 49fc57983c011b81e838be8e8ee321d720a0a2bcec79b89bdf88c6daa213d7d1
              • Instruction Fuzzy Hash: CB11B230B00218DBDB54AEBAD8057BE76A7FB84790F148529E91ACB341EB70DD01C7D0
              Function 04CE530C Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2799d5cddafd215826fcb7254524d98783220480f7651b0ad81dce77af1ce3d7
              • Instruction ID: 89f21b9cb82fa40fab27eebf13eac2d68ca8f1c4ac1beb1d87eff6a56e0b35a6
              • Opcode Fuzzy Hash: 2799d5cddafd215826fcb7254524d98783220480f7651b0ad81dce77af1ce3d7
              • Instruction Fuzzy Hash: 7D112734B19384AFCB16DBB4881597E7FFAAF82104B1844EAE805CB243EA34AD05D361
              Function 04CE1D90 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c99ba86e903118710f318e9978e46a6a09ccf4b526b622b7f19d96e834feb78a
              • Instruction ID: 62033961c372fa6c59c62b714adb8bc1bf03c3a55575e08580dd16ae30b40ed8
              • Opcode Fuzzy Hash: c99ba86e903118710f318e9978e46a6a09ccf4b526b622b7f19d96e834feb78a
              • Instruction Fuzzy Hash: 5C218BB56006158BC710DF69C8809BBBBF9FF88700B00896DE9199B320D770AD05C7A1
              Function 04CE1E47 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9762a3ce392be354c939bda4c38d9dcaa6141a8ada6f1823561c8663e04f5505
              • Instruction ID: 2ba7cb1bf5a38ff90ce1829a4daf2f34957c03bb2e9dc53e261b8c0f4232c447
              • Opcode Fuzzy Hash: 9762a3ce392be354c939bda4c38d9dcaa6141a8ada6f1823561c8663e04f5505
              • Instruction Fuzzy Hash: 3D21DF317146628BD704EB68D840BAFBBEAFFC8714F04816AD6489B392DEB59C01C7D1
              Function 04CE54E8 Relevance: .1, Instructions: 64COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 702ce1283cd05c88c578799fa74799a9ec05d00a2b25bbeb4962776bed625a6a
              • Instruction ID: 10e7c17117b9de4bf9c9370789278a16794cd5f46fbc388b98b32204d3404223
              • Opcode Fuzzy Hash: 702ce1283cd05c88c578799fa74799a9ec05d00a2b25bbeb4962776bed625a6a
              • Instruction Fuzzy Hash: 0A110475A003165FDB15EA7A9C005BFBBF7EFC5264B148529D415D7240EF30990687A0
              Function 04CEA7B0 Relevance: .1, Instructions: 64COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5594dffadb075a8359f820da32ba7b562ba357704e8a8b7cf2dce91e23fb1b9e
              • Instruction ID: 7c940e16f17acb96cbab48eeeabaf451a96fc3cf9228cd295cfdbf2941b4f95c
              • Opcode Fuzzy Hash: 5594dffadb075a8359f820da32ba7b562ba357704e8a8b7cf2dce91e23fb1b9e
              • Instruction Fuzzy Hash: 3221CFB4E08109DFCB54DF9AC181ABEBBF5EB49300F609059D819A7751D731AA42CF61
              Function 0123D006 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186226420.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_123d000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 34c40129239b1eec6c538523bd260f635dc5cdf50ad38c97af9ead7eec923fcb
              • Instruction ID: 008cd58790c8ea77b34eb99b761a68d9cf0855ac441347aed7f5ebf1a9961038
              • Opcode Fuzzy Hash: 34c40129239b1eec6c538523bd260f635dc5cdf50ad38c97af9ead7eec923fcb
              • Instruction Fuzzy Hash: 6E2183B55083849FCB02CF64D994711BF71EB86714F28C5DAD9498F2A7C33AD816CB62
              Function 04CE3478 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96164a393e3672abf006b6ec5f67189c29c8009e55cf4587f37d58164a343332
              • Instruction ID: dbcc6e7e461a2bae91c43aa1408e8b336dd7c4f944fb4b506da9b39081b974e2
              • Opcode Fuzzy Hash: 96164a393e3672abf006b6ec5f67189c29c8009e55cf4587f37d58164a343332
              • Instruction Fuzzy Hash: 7521AE74A04908EFC754DF9AE285999BBF1FF88310F6280D4D848AB325DB75EE61DB04
              Function 04CEAD86 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 263eb33764b5f82d40358d3ab387990f25a1b27dd50ed3402ee7d6d6e695f95e
              • Instruction ID: 492157e506bc6e1efaa671b12357c6d9931f66db78e8b1343895442ecc56d27a
              • Opcode Fuzzy Hash: 263eb33764b5f82d40358d3ab387990f25a1b27dd50ed3402ee7d6d6e695f95e
              • Instruction Fuzzy Hash: 5321BE74A08248CFCB14CF96D5809FCBBB6BB49311F245195D809AB211E735BE81CF24
              Function 04CEA7C0 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4a9fc9663ad0e4e3589177eda7807b456891bfb8b253f5c2b472d8c9656d2e5f
              • Instruction ID: d375ebd178fc2d4c80a1b4ee9954ac58a989aca0bb1cc783e9424278cccf9e11
              • Opcode Fuzzy Hash: 4a9fc9663ad0e4e3589177eda7807b456891bfb8b253f5c2b472d8c9656d2e5f
              • Instruction Fuzzy Hash: DA21D8B4E08209CFCB44CF9AC181ABEBBF6EB49300F609059D809A7351D731AE42CF91
              Function 04CEAE82 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8ee22a850f967ec08eb368021cb24000b24bd740a83d40e2b617bf376184f710
              • Instruction ID: 93d9e0b9485a29410c28d8b2f6d0217cc8afd0f38c12a54e4f6d87476c629e8d
              • Opcode Fuzzy Hash: 8ee22a850f967ec08eb368021cb24000b24bd740a83d40e2b617bf376184f710
              • Instruction Fuzzy Hash: DD21DF74A08258CFDB14DF96D584AECBBB6BB49301F248495D409A7210E735BE81CF20
              Function 04CE5010 Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7fefb0744e381bf486f8fed50d127ddd904604f20520cafa44bf21c5bdb48ae2
              • Instruction ID: 10ef23b1fb8731ffb5579f3e22531fe34b0a7705048dc5dc91db9050af9b5747
              • Opcode Fuzzy Hash: 7fefb0744e381bf486f8fed50d127ddd904604f20520cafa44bf21c5bdb48ae2
              • Instruction Fuzzy Hash: BC114C31B002498BCB14EFBA98105FFB6B6AF89311B10446AC604EB244EF369E01CB91
              Function 0122D4BF Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186179147.000000000122D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0122D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_122d000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
              • Instruction ID: c5b352093cc2b694c49d1083d24cb4655b0f2662d7b4fae2c854c07ade747183
              • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
              • Instruction Fuzzy Hash: 5D112676404284DFCB12CF54D5C0B1ABF71FB84318F24C6A9D9090B257C33AD46ACBA1
              Function 04CEA868 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 38bee9dddf69b425d30de9901b0d979ab35e6beeda40cf00d6aa908f1de7d8ce
              • Instruction ID: 84183ec6ae8073cdcafb53089b7bdecf53c776d0f4aa305d6e7b53aa4f20b2c9
              • Opcode Fuzzy Hash: 38bee9dddf69b425d30de9901b0d979ab35e6beeda40cf00d6aa908f1de7d8ce
              • Instruction Fuzzy Hash: 071173B4E08208EFD764DFAAC4406BDBBF6FF48300F159595C41897311E771AA42DB80
              Function 04CE3C67 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2adf4bdea7ac844842ba182a305a23ac95ffcf26a507420f3305a008f6364a2c
              • Instruction ID: a981f508b4918512bc02a5d1eafee315ae48e5c77dcdc434c40cfb5787602bd8
              • Opcode Fuzzy Hash: 2adf4bdea7ac844842ba182a305a23ac95ffcf26a507420f3305a008f6364a2c
              • Instruction Fuzzy Hash: B9016975E5A159CFCF00CF96D0406FDF7B2EB89311F54A596DC06A3225E734BA858B80
              Function 0123D1CF Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186226420.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_123d000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
              • Instruction ID: ef0b0710c4b9d1f458077b4a0978c0046f43850010b3139428eb6636429af867
              • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
              • Instruction Fuzzy Hash: 7E11BBB5504284DFDB02CF54C5C0B15BBA1FB84224F24C6A9D9494B2A7C33AD40ACB61
              Function 04CEAFA3 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bcac17fc13cf29a9defeede8a5b1e81f8c3fde3aa4c7f125072a80bc4f3be5ce
              • Instruction ID: 61025175c97111d4e13a92aac186a9889633ef43416e674698d828d8769433f1
              • Opcode Fuzzy Hash: bcac17fc13cf29a9defeede8a5b1e81f8c3fde3aa4c7f125072a80bc4f3be5ce
              • Instruction Fuzzy Hash: 9511F034A08208CFCB14CB96C5808FCB7B6BB4D311F285295D80AA7211EB31BE81CF20
              Function 04CE28D8 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 42c26074c6e68ed9a9cd91d1e1ed6c055d01f23a302d1f3e91126de8f80e520f
              • Instruction ID: baed40ff2e02fa43343cd33fb056c30dc7d293a667de0ad23f7a90f3a8f7dae5
              • Opcode Fuzzy Hash: 42c26074c6e68ed9a9cd91d1e1ed6c055d01f23a302d1f3e91126de8f80e520f
              • Instruction Fuzzy Hash: 2401D4753042528FD7119B39F804BA93FDBDBC5621F045065E20ADBA52DF78BC0B8791
              Function 04CEA878 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 27fccd60fd12b40620da85811d8151771aaf88def2ab747d1e35ef8862f90fab
              • Instruction ID: 250b832586627fb52ffd3c1d3aa241877c5a736a1b91e1a7bbcfdc732c3d12b6
              • Opcode Fuzzy Hash: 27fccd60fd12b40620da85811d8151771aaf88def2ab747d1e35ef8862f90fab
              • Instruction Fuzzy Hash: A4110974E09208EFDB64DF9AC5409BDBBFAFF48300F159695C418A7315E771AA42DB80
              Function 04CEB748 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 68db4c1c61251707a26953bd2f4adbca96c83d75a6713f9339df0012504495bf
              • Instruction ID: 8a07a8f70e4967d579984fe5a5e16df99c9f3fbbc50eaa277d2fe23057e060c6
              • Opcode Fuzzy Hash: 68db4c1c61251707a26953bd2f4adbca96c83d75a6713f9339df0012504495bf
              • Instruction Fuzzy Hash: 6F11E870A092189BC708DF6BD8459FDBBFABB8D311F149025D549A7215E730A941DB50
              Function 04CE7648 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f898081895a7040f3c4a090a49cc61c047abd07087c0e2fd117ac98f7809eb61
              • Instruction ID: d5450ae565ea057294904fd3d12060bc2a0bf0621f39b81efdbc129796c650b9
              • Opcode Fuzzy Hash: f898081895a7040f3c4a090a49cc61c047abd07087c0e2fd117ac98f7809eb61
              • Instruction Fuzzy Hash: DA015E70749244CFE3099B2EC815F253BB6AF86704F5980D6E106CF6B6DB66EC05CB01
              Function 04CE6EAF Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 942d5eb922cc911369d9f8b4f1f61cc873daa24c156760e87d68d3e3d6d421de
              • Instruction ID: 323066136a20a702b624a7043652318b0e62ab18f36883b4cfbf29b12907a3ed
              • Opcode Fuzzy Hash: 942d5eb922cc911369d9f8b4f1f61cc873daa24c156760e87d68d3e3d6d421de
              • Instruction Fuzzy Hash: 1BF02861304354379711696B9890A7F7F9F8FD546CF94042AF905C7242CF50E94582F2
              Function 04CE1FD9 Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c7bbe20851e2d4b7c5ae4ede8e5bacf38f1a1bfb00c3eb7e6561af991373541f
              • Instruction ID: c20bd9751d6cefde6d49e58a5617520381d5ce937590911d82cba39fd931ac4b
              • Opcode Fuzzy Hash: c7bbe20851e2d4b7c5ae4ede8e5bacf38f1a1bfb00c3eb7e6561af991373541f
              • Instruction Fuzzy Hash: 1801A7B2B083508FE7159B75C841A657BE69F82320F1940E9D48ACB7D5DB2AFC02DB91
              Function 04CEBB18 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0ea62e22e09fd4f15bcd372c511189c931a09912c23c76ae4ef02d99344fe947
              • Instruction ID: 74d3d669f14e67d6ba371cd913a5b70d73add3f62df426ab7c8f2d40dbbb4314
              • Opcode Fuzzy Hash: 0ea62e22e09fd4f15bcd372c511189c931a09912c23c76ae4ef02d99344fe947
              • Instruction Fuzzy Hash: 50018470A0D245DBC704DF67D941ABDFBAAAB49300F0591A9D0095B166FB30BF45A741
              Function 04CEBB90 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9335e251699927f4c589a6b1d0620c145a0341dddf59df80f3079539cc7d46ad
              • Instruction ID: 95d01383333566de9cc4bf695eba0844d6a070e5071466afadfeddba247f008d
              • Opcode Fuzzy Hash: 9335e251699927f4c589a6b1d0620c145a0341dddf59df80f3079539cc7d46ad
              • Instruction Fuzzy Hash: DE015234A08248EFC705DBA5D544A7DBBF5EF49300F158095D4089B366EB30EE40DB40
              Function 04CE7631 Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8ac854267f987db2aad7ca4c015b06bd00a064f3b6c23971b515b8028daba06
              • Instruction ID: 645d6ac787476422bab2d2a1a23a6d07a127c57e9bc4fc473de0fd207bb85492
              • Opcode Fuzzy Hash: d8ac854267f987db2aad7ca4c015b06bd00a064f3b6c23971b515b8028daba06
              • Instruction Fuzzy Hash: 1E013134795600DFE318DB1EC945F6577A7AF85714F5980A9E1068F7B2CB72E840CB41
              Function 04CED15F Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 490cb097c3c23f7384b1dc80d56f252e4d6f0bbb63991e6c2746ad361e4a3bd1
              • Instruction ID: 5c4a8ff2c9a0534cd8cc818b57617ff8429da06723a259cae43e448d518a8d33
              • Opcode Fuzzy Hash: 490cb097c3c23f7384b1dc80d56f252e4d6f0bbb63991e6c2746ad361e4a3bd1
              • Instruction Fuzzy Hash: 8901A235D0830ACBEB14DBA7D8457E8BBFAEB9C300F0495259116AA284EF747D478B11
              Function 04CE28E8 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dba93b1811eff13ba95179ee98752f415274e1202558cde7f678c563e354c2d1
              • Instruction ID: 9a6b99849afab74449c7ea5d4152b95d4b8d6c90be3dfa23f64426f5fea45b27
              • Opcode Fuzzy Hash: dba93b1811eff13ba95179ee98752f415274e1202558cde7f678c563e354c2d1
              • Instruction Fuzzy Hash: 15018C743002058BD7549B2AF548BAA3BDBEBC9261F046465E20ADBB54DF78BC478750
              Function 04CE4B40 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d0db44d23d6cc1319c9bb6a3ab070c9f0186b992f8665882bdf377bd26c7e91c
              • Instruction ID: f9f478d1a6ab1172f0011ab19e03b62a442e93cbc9e813f2b797f6cf734cce4f
              • Opcode Fuzzy Hash: d0db44d23d6cc1319c9bb6a3ab070c9f0186b992f8665882bdf377bd26c7e91c
              • Instruction Fuzzy Hash: 5FF024717086929FC715663EA814A6A3BEA9FC623071940B7E405C7B9AEF34DC03A395
              Function 04CEBBA0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e11ff3a8959a811ce08874044d4a04cd5c51822e59cac773a76e7be685f2b75b
              • Instruction ID: c06cdb150bb198fbab5053ceec52c8e6c5b0a0d4e328c8d91eec46443ae00067
              • Opcode Fuzzy Hash: e11ff3a8959a811ce08874044d4a04cd5c51822e59cac773a76e7be685f2b75b
              • Instruction Fuzzy Hash: 5001E834A08108EFC704DFAAD584A7DBBF6EF49300F298094D50897255E730FE40EB40
              Function 04CEBB28 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 43279574144b1efcee5f64d0f82295564978811008f0bcc13fc79f42b6e5281f
              • Instruction ID: 3041c37f488a2476f691a143b4ba9cec3979c88105ce3d281d5abd69ac2b23b5
              • Opcode Fuzzy Hash: 43279574144b1efcee5f64d0f82295564978811008f0bcc13fc79f42b6e5281f
              • Instruction Fuzzy Hash: D8F08C70A0D248DBC704DF97D5409BCFBBEAB4A300F18A2A484095B229FB30BF40EB40
              Function 04CE1F70 Relevance: .0, Instructions: 38COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5f88d6606433f455f9e33bc13226c83e3607917946b4e2a7d3eef17c3a5a8454
              • Instruction ID: 0da0534ec5b7438e867620665c6fe5528517a9fc09abc4a0ae4a81c3917ee312
              • Opcode Fuzzy Hash: 5f88d6606433f455f9e33bc13226c83e3607917946b4e2a7d3eef17c3a5a8454
              • Instruction Fuzzy Hash: A6F0AF35704B208FD729CA2A8404A66B7E6AF45720B09806ED45AC7360CF31FD00CBD2
              Function 04CED5EF Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cf7f274e436dd4cd9a2bc0c08b5bf98e72b59b9754275d805156d921a8f3a232
              • Instruction ID: 5ccb89807bd6bff9b930c3c87c9ecb683b858774fad4edfa3a6cfaa42e89e057
              • Opcode Fuzzy Hash: cf7f274e436dd4cd9a2bc0c08b5bf98e72b59b9754275d805156d921a8f3a232
              • Instruction Fuzzy Hash: 7E11DE38B10329CFDB649B10D9457AE7BFAEB89304F508195E50EAB394EB305E918F52
              Function 04CED170 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff3a782ea495000e96ddc0cc06c6bb48ba34bf4a4e580ec3b724597345c70a08
              • Instruction ID: 64227dcb67d5259e39373b4e6bf4ec61c53a90ec7f8d501997bf7e3627d1fdef
              • Opcode Fuzzy Hash: ff3a782ea495000e96ddc0cc06c6bb48ba34bf4a4e580ec3b724597345c70a08
              • Instruction Fuzzy Hash: F1F08134A08306CBDB14DBA7D8417A8BBFEEB8C300F00952591165A284EF747D468B11
              Function 04CE4B50 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc7de74628aba4e8229c60b6149ae20dd2dad466c105f8bc7087cb9c02650e76
              • Instruction ID: ae7b1ba958fca5fda7f1efb269b55e4cef5cf3077497ddee35643b8de272a0d3
              • Opcode Fuzzy Hash: fc7de74628aba4e8229c60b6149ae20dd2dad466c105f8bc7087cb9c02650e76
              • Instruction Fuzzy Hash: 7CF05C70B006249FC7187B7EA814A2A33EB9FC8224325447BE50ACB718DE30DC03B794
              Function 04CE6A31 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de8d2ff9ee448587f6d054c1d9e7c12f0fa9871f08279948a2c7ac784d70dc1f
              • Instruction ID: 29d095a60f96a321884f1e679f176a8ec94e8810f77cc5dad99e7367feea2a6c
              • Opcode Fuzzy Hash: de8d2ff9ee448587f6d054c1d9e7c12f0fa9871f08279948a2c7ac784d70dc1f
              • Instruction Fuzzy Hash: 0DF08272604108BFDF08DF99D841AEA7FFBDF45268F0480BAE408D7221D771A9519794
              Function 04CE1F80 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 82c7bf352d94a5537bda32e016372b6b5d4eb1e6a98f26650e5d039e14ef04a5
              • Instruction ID: c955a62643083bcbdf3ab02dc9cef2b9027eeed5e9eaef3ac7f226ab7762f06f
              • Opcode Fuzzy Hash: 82c7bf352d94a5537bda32e016372b6b5d4eb1e6a98f26650e5d039e14ef04a5
              • Instruction Fuzzy Hash: ADF01230300B108FD729DB2AC448A66F7E6AF45720B19856DD55AC7360DF72F944CBC6
              Function 04CEE600 Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1cd47c0772a16111fad7f9e9d02e1b15bd67de6abfd1e428b864805dfad7340
              • Instruction ID: a99e8b3cbdc69a6bbd9069323efd57fa875c336b721e96471b396d94ddee5cf1
              • Opcode Fuzzy Hash: f1cd47c0772a16111fad7f9e9d02e1b15bd67de6abfd1e428b864805dfad7340
              • Instruction Fuzzy Hash: F2F05EB590424CFBCB00EFA9D84979DBBF5EB48301F10C1AAE91492750DA349A51DF41
              Function 04CE2888 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3375aea9a484688220ba0af750b35e017eddd4918de71e1bd490e16349af0dbf
              • Instruction ID: 620062bcbfdf94e3b7ba3e0cc9c60e33b6259f3e44b2ee1a225f659eafb6705a
              • Opcode Fuzzy Hash: 3375aea9a484688220ba0af750b35e017eddd4918de71e1bd490e16349af0dbf
              • Instruction Fuzzy Hash: C2F0E5753086648FC355E77CA804E657FE6AB8A220B1080A6E505CB756EE389C03C7E2
              Function 04CEB2BB Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ee9c62043b68eb4f612fac4152548c7d91cf78ac5a3d4fe756afdd60b70f320
              • Instruction ID: fdd465a961a514472b8b4b568abdb5e51cbfd80075e627f1e99dd9cd38da1bd5
              • Opcode Fuzzy Hash: 5ee9c62043b68eb4f612fac4152548c7d91cf78ac5a3d4fe756afdd60b70f320
              • Instruction Fuzzy Hash: B9F03430609288CFC711DB92D0818BCB7BBBF0A300F144981D40AAB212EB31BC80CF20
              Function 04CED21D Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b0023fdcc26335578be51af235a599df725605c080ff92770a977d21a3427dde
              • Instruction ID: 105c83f9b83afae70b511f6af0881cf98901501f967f6a1b69aa3c2f43717d1f
              • Opcode Fuzzy Hash: b0023fdcc26335578be51af235a599df725605c080ff92770a977d21a3427dde
              • Instruction Fuzzy Hash: B7F0BD34A05249CBDB14DFD5E9456AC7BF5FB48300F505629E4169F399EB746C028F80
              Function 04CED35B Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb8fad63f941b644988d39728326f64263742a998aa2c4c1f77a74448ca5a0e4
              • Instruction ID: 06501da9a7438c24eb3e71e49cd390c2a87c1477bc7e19bc57f20bf13dc8f02a
              • Opcode Fuzzy Hash: fb8fad63f941b644988d39728326f64263742a998aa2c4c1f77a74448ca5a0e4
              • Instruction Fuzzy Hash: A3F01C34A44307CFCB148BAAD9911E87FFEEB9C221B14A71494269B2C5EA386C579B00
              Function 04CEADAC Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de34d6cbbb89a131a2484c95b78f511c39b0f57a703ec7ad9cb40288cc42618b
              • Instruction ID: 701516ce0573ef07f5212f04125d6e83c2c99d539ccc81b694fddb02536da29c
              • Opcode Fuzzy Hash: de34d6cbbb89a131a2484c95b78f511c39b0f57a703ec7ad9cb40288cc42618b
              • Instruction Fuzzy Hash: BCF01570609284CFC721DB92D1818BCBB77BB4E301F545185D40A6B222EB31FD41CF20
              Function 04CEBAD1 Relevance: .0, Instructions: 24COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6148dc2cfc59f78c889f405eefa5ddbbacec6163770e797b0198a3240c6474e3
              • Instruction ID: 30b46801b4e2a4a917fb68c4fcbd9c926fdf39da730129b2df9c7d7e6def4f9a
              • Opcode Fuzzy Hash: 6148dc2cfc59f78c889f405eefa5ddbbacec6163770e797b0198a3240c6474e3
              • Instruction Fuzzy Hash: 26E092B28082099FC714DEA5E8456EEBBB5A705302F1080B9D80097680D735AA82D7A1
              Function 04CE94A2 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 478e6b2f9e863e28230d1ccb810d1c46ba8e578b2391c2b0da3dae04358ce1bf
              • Instruction ID: 54593dd486c8d2489ef4c412c262a03e7f6587fd8c52f1eae76cc6e3c41db0dc
              • Opcode Fuzzy Hash: 478e6b2f9e863e28230d1ccb810d1c46ba8e578b2391c2b0da3dae04358ce1bf
              • Instruction Fuzzy Hash: 2CE0C2F204D360CBE7253B96BC0A3713BEAA701317F2A4561E518134A157B5B8C1C6A1
              Function 04CEE610 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 44ba86e28ec4c8c3123cd5c57432ffbab5460dbe6bb5b2e152a6581cb86723cb
              • Instruction ID: 1c6737c459034a43470383aea0e0f062443f70769d27acc7225e2702a7a8c6e5
              • Opcode Fuzzy Hash: 44ba86e28ec4c8c3123cd5c57432ffbab5460dbe6bb5b2e152a6581cb86723cb
              • Instruction Fuzzy Hash: D5F015B4E0420CEBCB14EFA9D40569DBBF9EB88300F1080AAE91496340EA346A51DF81
              Function 04CE9EA0 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a08f5452e8338ab016707651687dd49c9f76445b9ef69e72ebaa2e54f9cf5c5e
              • Instruction ID: 71ded8d153618b3f39f84a601839d3d528dc50ded4672441b223e8ef415ef6b5
              • Opcode Fuzzy Hash: a08f5452e8338ab016707651687dd49c9f76445b9ef69e72ebaa2e54f9cf5c5e
              • Instruction Fuzzy Hash: BCE09AB580A388EFC751EFB8A80629DBFF4AB05200F2100A6C884D3361E6305B84DB92
              Function 04CEAEBF Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a95a6f9beb61e60ae0c4792177b230b097a8ec0dd2bb9299f81dcc78ebb0e1e4
              • Instruction ID: 6927a2ea2dc2b95522f0863c5c3049c7095df82e20b3ab6452b09a22a1b1e65f
              • Opcode Fuzzy Hash: a95a6f9beb61e60ae0c4792177b230b097a8ec0dd2bb9299f81dcc78ebb0e1e4
              • Instruction Fuzzy Hash: 00F0C270609298CFC724DB92D1858BCB7B7BB4E301F545585D40A6B225EB31FD81DF24
              Function 04CEAF86 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b1b4f315a9c24dfed3a48cf7bb3e6b0e39416e1314132066d3e6809a3d7e4db
              • Instruction ID: 6927a2ea2dc2b95522f0863c5c3049c7095df82e20b3ab6452b09a22a1b1e65f
              • Opcode Fuzzy Hash: 3b1b4f315a9c24dfed3a48cf7bb3e6b0e39416e1314132066d3e6809a3d7e4db
              • Instruction Fuzzy Hash: 00F0C270609298CFC724DB92D1858BCB7B7BB4E301F545585D40A6B225EB31FD81DF24
              Function 04CED4E0 Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f630df8b74a9a3d7a336ac55f5380949ab34532d5675140c27299114a74a865f
              • Instruction ID: 173d7f74993169ee05a5d76670a3b238cde048e63fd19e26c2c120987aa40f16
              • Opcode Fuzzy Hash: f630df8b74a9a3d7a336ac55f5380949ab34532d5675140c27299114a74a865f
              • Instruction Fuzzy Hash: 9EE06D30A44306CFCB10DBA6D8861ACBFFDEB5C210B10A518D01A9F282EB38AC438F41
              Function 04CE2898 Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 706e180866bddcca2402fe95821c0b386dca80c37cbc751e0be78b8fdbf6b960
              • Instruction ID: 3efc84a43d7d4aee8453bf01b1331a313be9f19d6854dba51c1ed8c6f0cef590
              • Opcode Fuzzy Hash: 706e180866bddcca2402fe95821c0b386dca80c37cbc751e0be78b8fdbf6b960
              • Instruction Fuzzy Hash: EBE086753005248FC340E76CE404D1677EABB8D6203108055E909C7314DE38AC03CB94
              Function 04CEBED0 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fed5043aab4016148b826b80d78b67234c0d0416a57a18634f2f883cdef97325
              • Instruction ID: 7190a549d41092e41c216a420979791c388dc588acfaedaeab29e5a3a255ef9b
              • Opcode Fuzzy Hash: fed5043aab4016148b826b80d78b67234c0d0416a57a18634f2f883cdef97325
              • Instruction Fuzzy Hash: 91E02BB2408309DBC338EF71E4027AB73B9EB02311F1100BDD00847A80DB76AEC1DA91
              Function 04CE19A0 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb8da0a1426fa6eb07406e39e3d16fd03fef4f47c4d978c44545cbecc9701669
              • Instruction ID: 148c825b493076108268d92a2cce4f88d6e7f6586e1478fe464feff3b6e22c20
              • Opcode Fuzzy Hash: fb8da0a1426fa6eb07406e39e3d16fd03fef4f47c4d978c44545cbecc9701669
              • Instruction Fuzzy Hash: 32D05E3B015131DAD209FF2CD8A09EA7FD1EF81328F08584BD2864E121DE71E55CEA8E
              Function 04CEBAE0 Relevance: .0, Instructions: 18COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 89cbd61a18b45cf0d2ab609bce30433ba259dbca8f88087f272503605a2eaa10
              • Instruction ID: 9c7145fe7daff5884c526fb7b143280259e3cfc6e3658a8d85b8fc9b2a3ca033
              • Opcode Fuzzy Hash: 89cbd61a18b45cf0d2ab609bce30433ba259dbca8f88087f272503605a2eaa10
              • Instruction Fuzzy Hash: AEE08CB1808208EFC714EFA5E405AAEBBB4AB06302F2041A9D80452240D774AF81EBA0
              Function 04CEF298 Relevance: .0, Instructions: 17COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0740121693bf4a62cd5f37deb0b289ee5df7f521784706ade8f0f31972fe721a
              • Instruction ID: dc561ba5bf1b498dff2d0ade890c003fc9c95c8a65150349742845239a9d46f3
              • Opcode Fuzzy Hash: 0740121693bf4a62cd5f37deb0b289ee5df7f521784706ade8f0f31972fe721a
              • Instruction Fuzzy Hash: CFE08CB490420CEBCB14FFA8E40526DBBF9EB44301F1001A9D90457780DA302E41DB81
              Function 04CE9EB0 Relevance: .0, Instructions: 17COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 29eff418ad1bc3408ce3a22e7bd62728e7bc4bdf3513bbc0bcd6239b620a7592
              • Instruction ID: 98ee170b602ada4e4ffe5cdafa7a12c6b948feac9d51ca6a59362e390810ee87
              • Opcode Fuzzy Hash: 29eff418ad1bc3408ce3a22e7bd62728e7bc4bdf3513bbc0bcd6239b620a7592
              • Instruction Fuzzy Hash: E4E012B4D05248EFCB54EFB8E44A75DBBF4EB04201F2041A9C90493340E7705B80DB41
              Function 04CEBEE0 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5866c25e6093469fb3f97c5df126da9b3175112da646652b5956040eb8abc7c0
              • Instruction ID: 07365d21ee681768a9c94690fe5d346c90368fb1b948080a40db587eeb027621
              • Opcode Fuzzy Hash: 5866c25e6093469fb3f97c5df126da9b3175112da646652b5956040eb8abc7c0
              • Instruction Fuzzy Hash: 94D0A970409308DBC728EFA2E406B29B3B9FB02202F2001ACC50803640EBB6AE80DB90
              Function 04CE9A4C Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 67a8444533839ecd8b68262572663cbdd9643e5ab690456c6f650d1cc51c1a1a
              • Instruction ID: ac38e2895640d08431667dd31fe41f2a378e85b27577806a2f2fa7d5725893f7
              • Opcode Fuzzy Hash: 67a8444533839ecd8b68262572663cbdd9643e5ab690456c6f650d1cc51c1a1a
              • Instruction Fuzzy Hash: 40D05E71A0920CCFDB20DB15F8406ECB779FB84210F009599C00CA2104DB302E858F11
              Function 04CED48D Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 48856f045382cffa97c34db5e1edbc5f9860a66aa2d0e327cde9c0d5faf21210
              • Instruction ID: 743568bef3192b0497b0e1406cc6cafa9d0d94d17876f645665a0bfe07cf434e
              • Opcode Fuzzy Hash: 48856f045382cffa97c34db5e1edbc5f9860a66aa2d0e327cde9c0d5faf21210
              • Instruction Fuzzy Hash: 1CE01274809381DFD710EF91D05966DBBF4FB15210B0991AAC41587261E778A842CB40
              Function 04CE4FD8 Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d47e0312a74fe52c5a5428161c50a92ced4b4becc3998bdac99c8de28a17d6a6
              • Instruction ID: 74760cc8cd2432c29073ca91b61f0f4324fb233005fe6f347f2dbf94862d7f31
              • Opcode Fuzzy Hash: d47e0312a74fe52c5a5428161c50a92ced4b4becc3998bdac99c8de28a17d6a6
              • Instruction Fuzzy Hash: 2FD0123A50C1919ED303D7648C04C597FB2BB9560034D80FEA1848F0B3D629C45D97D2
              Function 04CE94B0 Relevance: .0, Instructions: 10COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 43ce6131e8c8cf443bd68a52f9e8cc4d8ced7be5edf5846930c29c26b3cb707b
              • Instruction ID: 7481c4be1fba88db2cc7287b012f18c23688dd971759a590eaa7dc1a77c25620
              • Opcode Fuzzy Hash: 43ce6131e8c8cf443bd68a52f9e8cc4d8ced7be5edf5846930c29c26b3cb707b
              • Instruction Fuzzy Hash: B4C08CB2009B048BD3243B91B80E32437E8A700302F200010A61C024A05BB4B481C691
              Function 04CE31E0 Relevance: .0, Instructions: 10COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 028b52a8ba0ed6d149132752da8972a187a509fc89b1c445cb0fdaa87eb81081
              • Instruction ID: 6f123cc4a78039d3f7a34b3e45f3c40d7101cf9ac5226b9f45b4084c326cbb85
              • Opcode Fuzzy Hash: 028b52a8ba0ed6d149132752da8972a187a509fc89b1c445cb0fdaa87eb81081
              • Instruction Fuzzy Hash: 62C08C4010D7C38DD3029638E080710BF906B0352AF5903C1C0D0818CBC314089AC303
              Function 04CE6A08 Relevance: .0, Instructions: 9COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c52cf136d3e54cf2f888b9427503ca16bdd8e092a1c98be51a34ade7aa3ddacc
              • Instruction ID: a27b9081129787830a1cea36b24e804724a4f63dd500f1838ec836c47c928baf
              • Opcode Fuzzy Hash: c52cf136d3e54cf2f888b9427503ca16bdd8e092a1c98be51a34ade7aa3ddacc
              • Instruction Fuzzy Hash: 5BC02BBF40C2413DF311D5B9CC01BAB790367E1300F04C427E140070D2C6605061E1B3
              Function 04CE3B78 Relevance: .0, Instructions: 9COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e2c293241288eab1e13df7fde0370e45a040f518696632e50bb7446a6cafc5a0
              • Instruction ID: ac493b6b00429823278d25d772c81c2d6625321940b6ed4a3b4ea4bc8c5c2baa
              • Opcode Fuzzy Hash: e2c293241288eab1e13df7fde0370e45a040f518696632e50bb7446a6cafc5a0
              • Instruction Fuzzy Hash: 95D0CA30E08208CFCB00CF86D0486BDB7B2FB48300F208008D81AA3260D338B946CF00
              Function 04CE532C Relevance: .0, Instructions: 8COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 205b37ae847da26f2d2de8fd6233b672bdec0ddfe0a8ef97c2f6b16e6aba083c
              • Instruction ID: 7ad364aae96eaf36a84d879bedd35ff78096f446a9c8686ded2b184cf87a9456
              • Opcode Fuzzy Hash: 205b37ae847da26f2d2de8fd6233b672bdec0ddfe0a8ef97c2f6b16e6aba083c
              • Instruction Fuzzy Hash: 74B012E6FB5300F5A0047EE6894083B6846EBB1718F80ED15330420044CBA07435F37B
              Function 04CE143C Relevance: .0, Instructions: 7COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8dda625fd415dcc475fb974eb77821832300a7114fa96d7267117e670bd280cc
              • Instruction ID: 80c991b4dcd93c654e067e44458734ad8f300a81dd088fe77b3be1817ddc1e89
              • Opcode Fuzzy Hash: 8dda625fd415dcc475fb974eb77821832300a7114fa96d7267117e670bd280cc
              • Instruction Fuzzy Hash: A1C09B30D20135C6D544D775DD40C6C7B56FB80B00740693D4105560B1DA987D15A5D5

              Non-executed Functions

              Function 02AB20D1 Relevance: 2.7, Strings: 2, Instructions: 181COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: 9p+$9p+
              • API String ID: 0-3723980347
              • Opcode ID: 28cef3269a8e0006d9841277163d664cb32206a7fb444e2d6f3ec51e01975160
              • Instruction ID: 47e7cbbb8d8ea8b4001f3bf71281df081905bbe8ad37962c58a2cfc9529351e4
              • Opcode Fuzzy Hash: 28cef3269a8e0006d9841277163d664cb32206a7fb444e2d6f3ec51e01975160
              • Instruction Fuzzy Hash: E9712874E0520ADBCB05CF95E481AEEFBB5FF88310F14D52AE915AB215D7349A42CF90
              Function 04CE4BC0 Relevance: 1.6, Strings: 1, Instructions: 341COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: ~H@
              • API String ID: 0-3968150030
              • Opcode ID: 320a64f48ba7a9e162ec5f334b8ef3feb329cef545d30fe026ab86cdde24dac7
              • Instruction ID: 80d38f321b247698ead42383a03d9dd7639fbe7bedcb6abd39260a50dfcb4432
              • Opcode Fuzzy Hash: 320a64f48ba7a9e162ec5f334b8ef3feb329cef545d30fe026ab86cdde24dac7
              • Instruction Fuzzy Hash: 7EC1E330B146548BC71CCF2AC98257EFBE3EBC5300B58D96AE15A9B665C734FD428B44
              Function 04CE4BB0 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: ~H@
              • API String ID: 0-3968150030
              • Opcode ID: 72bedcb59f9fed878b3b882953910f0a6c758fac696f3c6e0ae4e5cbc8896a80
              • Instruction ID: 8d752f809a73a94c61d730a7782911047188e4d513a677c911c420d956c1ee0a
              • Opcode Fuzzy Hash: 72bedcb59f9fed878b3b882953910f0a6c758fac696f3c6e0ae4e5cbc8896a80
              • Instruction Fuzzy Hash: 78A1CF30B046548BC718CF6AC98157EFBF3ABC5310B18896AE56A9B664C734FD41CB48
              Function 02AB4FE8 Relevance: 1.4, Strings: 1, Instructions: 166COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: Y`mD
              • API String ID: 0-2121581687
              • Opcode ID: a22330cd487db3e43d1919e65ceee3218d4d206dee99b5afb20bb8f1a9c7ad61
              • Instruction ID: c3ccf110b813d6c7a431dba1d5a2211522bf850df177385b2fad853afe429739
              • Opcode Fuzzy Hash: a22330cd487db3e43d1919e65ceee3218d4d206dee99b5afb20bb8f1a9c7ad61
              • Instruction Fuzzy Hash: FD7101B4E0120ADFCB05CF99D480AEEFBB5BF88350F54951AD415AB315CB34AA82CF95
              Function 02AB4FD9 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: Y`mD
              • API String ID: 0-2121581687
              • Opcode ID: 6212baea06f4fdd0dafc0a01ac31d3ddc366af39b68e4530c799c61ef20458ed
              • Instruction ID: 3f70b89291010d94913ad72f840231f2f4f2ffe8cba60b7fddae82a262caa490
              • Opcode Fuzzy Hash: 6212baea06f4fdd0dafc0a01ac31d3ddc366af39b68e4530c799c61ef20458ed
              • Instruction Fuzzy Hash: B9611274E0024ACFCB05CF99D480AEEFBB5BF88310F54851AD415A7316DB70AA82CF90
              Function 02AB52F8 Relevance: 1.4, Strings: 1, Instructions: 159COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: %2e
              • API String ID: 0-3312534747
              • Opcode ID: ee889db48e9ce3be02d75be0248d1f2745b56ff8db00fff5504e85a321950350
              • Instruction ID: 2031b269a204c464900cb5eceff71c342290c709c8b823c5df668f554b667379
              • Opcode Fuzzy Hash: ee889db48e9ce3be02d75be0248d1f2745b56ff8db00fff5504e85a321950350
              • Instruction Fuzzy Hash: C16136B0D1420ADFCB05CFAAD5809EEBBB6BF88300F14D55AD424AB315D7749A82CF94
              Function 04CE0C6B Relevance: 1.4, Strings: 1, Instructions: 109COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: ax^
              • API String ID: 0-994873808
              • Opcode ID: 1483211491453ee8c58ce497b82d7e3a8499db31d38d575df6c5a6c4a37e1e03
              • Instruction ID: 834f126fdf105323510cee9c0114dd0bd91f29f5db3e6d836666ad0a57a44201
              • Opcode Fuzzy Hash: 1483211491453ee8c58ce497b82d7e3a8499db31d38d575df6c5a6c4a37e1e03
              • Instruction Fuzzy Hash: F341A531F156298FCB44CF9BC8855AEFBB6FB8D200B558526D406FB351D374E9028B92
              Function 04CE0C78 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID: ax^
              • API String ID: 0-994873808
              • Opcode ID: 88b2785acfbd8b083902808058491b1a715a80119590771e7fa8961da31e068b
              • Instruction ID: 9f35bc34641d6fb38ed4e877fe42fba947239a25070a26c68012542f02dbdf0e
              • Opcode Fuzzy Hash: 88b2785acfbd8b083902808058491b1a715a80119590771e7fa8961da31e068b
              • Instruction Fuzzy Hash: 0641A031F1562A8F8B44CF9BC8854AEF7F6FB8C200B558526D506FB350D3B4E9028B92
              Function 04CE2D98 Relevance: .3, Instructions: 333COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 84f15ebc618f128c465de11e8197cf7f13372b0418ff03352250ac630da6144f
              • Instruction ID: c25eec56c16f4c08e8efbfc9b0534e244ace0481f88e86373500176f4787cc59
              • Opcode Fuzzy Hash: 84f15ebc618f128c465de11e8197cf7f13372b0418ff03352250ac630da6144f
              • Instruction Fuzzy Hash: 58C1E031B042908BC715CF6AC8926BAFBE7EBC5300B18896ED446DB6A5D735FD42CB50
              Function 04CED958 Relevance: .3, Instructions: 318COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c13a6903a3408508de67110da65cc4edc1978ece9e8650a8796c8a446bfa53f2
              • Instruction ID: 8913e2e47d7ccf2539a252660c8a705415bc6410b630c7db941563eb4bf202c2
              • Opcode Fuzzy Hash: c13a6903a3408508de67110da65cc4edc1978ece9e8650a8796c8a446bfa53f2
              • Instruction Fuzzy Hash: 4AE10874E002598FDB14DFA9D580AAEFBB2FF89304F248269D415AB355D770AD42CFA0
              Function 052B8B58 Relevance: .3, Instructions: 315COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1f3dafd509d892c6e743f20a45270500c9c0c927adac3045307a169af1a137bc
              • Instruction ID: 405bdad3196402772006d8399ac96b3b15c7f1839a6a240e8bccfc510b5beab1
              • Opcode Fuzzy Hash: 1f3dafd509d892c6e743f20a45270500c9c0c927adac3045307a169af1a137bc
              • Instruction Fuzzy Hash: FB1281F0D81B458AE710CF65FA4C3893BA1BB8D398BD04F09D2616B2E5DBB4156ACF44
              Function 04CEE1D8 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6127016d1801a61871fa7de947499174a71aab5edd827765bd9d6bac6bf082d6
              • Instruction ID: d7e13253b305a9461a9b25aba8f4ed6c9d0e30e827df4c8554954826aa97359f
              • Opcode Fuzzy Hash: 6127016d1801a61871fa7de947499174a71aab5edd827765bd9d6bac6bf082d6
              • Instruction Fuzzy Hash: 16E1D874E002598FDB14DFA9D580AAEFBB2FF89304F248269D415AB355D730AD42CFA1
              Function 04CEDDA0 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 40fe9ce354a5474f199e9d0aed5650edd040a5e02da41a0313e6a90cc3f4d388
              • Instruction ID: 93835a8f11f5e1037020f75f64f45a19d7401c05afa53fc13fead6b6991bea7c
              • Opcode Fuzzy Hash: 40fe9ce354a5474f199e9d0aed5650edd040a5e02da41a0313e6a90cc3f4d388
              • Instruction Fuzzy Hash: 9DE1E774E002598FDB14DFA9D580AAEFBB2FF89304F248269D415AB355D731AD42CFA0
              Function 04CEF880 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 538f5bab6982a1e610cf427bff76af11e0ab2d71c75e190d55b8cc6d40e744cd
              • Instruction ID: c24dc43a9a2851bfab57c75618daaec3d317496c0fb34c17a0b7d534df557042
              • Opcode Fuzzy Hash: 538f5bab6982a1e610cf427bff76af11e0ab2d71c75e190d55b8cc6d40e744cd
              • Instruction Fuzzy Hash: 83E1E874E002599FDB14DFA9D590AAEFBB2FF89304F248269D414AB355D730AD42CFA0
              Function 04CE620A Relevance: .3, Instructions: 270COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6a59acabc4837b4b0f0041470add56e8caf022b2068f62e1c6c6fc46b85b5c00
              • Instruction ID: 8c7e0722f2c1f67166eac89ff37d4f9b1973e71ff269729ff3c619cb69357ec9
              • Opcode Fuzzy Hash: 6a59acabc4837b4b0f0041470add56e8caf022b2068f62e1c6c6fc46b85b5c00
              • Instruction Fuzzy Hash: 71D1D431C2465ADADB10EB64D9906ADB7B1FFE5300F10CB9AD50937220EF746AC5CB91
              Function 04CE6218 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 61c2ba1ecb25da8952bd31ab3cd451ee95637fda0224f765e2d832e8b9cbdd6e
              • Instruction ID: b3194ad556747ab7a392a21ad10337b312682556b252e7ac0ae631ad7069503f
              • Opcode Fuzzy Hash: 61c2ba1ecb25da8952bd31ab3cd451ee95637fda0224f765e2d832e8b9cbdd6e
              • Instruction Fuzzy Hash: FBD1C431C2065ADADB10EBA4D9906ADB7B1FFA5300F10DB9AD50937220EF746AC5CF91
              Function 052B6B4C Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8203b20f28ec2c0ee1e9f2b73686b066b4ff69d66256a4f48bceb750e444b14
              • Instruction ID: d4be687203b970c79d1a04e7caba4c7533d28778e8e217a5023f800ad5bec16c
              • Opcode Fuzzy Hash: d8203b20f28ec2c0ee1e9f2b73686b066b4ff69d66256a4f48bceb750e444b14
              • Instruction Fuzzy Hash: 5CA17032F206068FDF09DFA4C8445DEB7B6FF84340B15856AE80ABB251DBB1E955CB90
              Function 04CE2D88 Relevance: .3, Instructions: 262COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b42a862ded0289ce4d299b2e81f5d06b0d5a3d75cf09af0706d0a3153473c1b1
              • Instruction ID: f1ba6deba3a1dc3c1edbddc2d2f00719b0ffb27a7dadb3ee35c635d4aea84389
              • Opcode Fuzzy Hash: b42a862ded0289ce4d299b2e81f5d06b0d5a3d75cf09af0706d0a3153473c1b1
              • Instruction Fuzzy Hash: 37A1BD30B042548BCB14CF6AC891ABEFBE7EBC5300B18896EE4569B6A5D735FD41CB50
              Function 052B8B4A Relevance: .2, Instructions: 221COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e17b44d2c95cbb5cbf210e38f580fba7126d764aacd29089d7006e58323f4232
              • Instruction ID: bce3181055b1acc6a231cebeb6f0bfd5af567902c81301c2d4816062249fe600
              • Opcode Fuzzy Hash: e17b44d2c95cbb5cbf210e38f580fba7126d764aacd29089d7006e58323f4232
              • Instruction Fuzzy Hash: 28C1F7B0D81B458BD710DF25FA483897BB1BB8D398FA14F09D2616B2D0DBB4156ACF44
              Function 04CE0040 Relevance: .2, Instructions: 186COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ee90f53d4bc0bd0f1744e9c4f03dfc839ec1d4da3bd3e4356fd888d3a3a2030a
              • Instruction ID: a65759ead44e6e106366b1d5c05cdedd4f64dee8b8301a9bfcb3f48a491a4515
              • Opcode Fuzzy Hash: ee90f53d4bc0bd0f1744e9c4f03dfc839ec1d4da3bd3e4356fd888d3a3a2030a
              • Instruction Fuzzy Hash: 496144367142218FC750CF2BC885667BBF2EF85350B09C86AD41ADF252E3B4E946CB91
              Function 02AB4470 Relevance: .2, Instructions: 166COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc7dbf150734efa50e98eec726be3a0e6ea9cf3af2693c699829cbfa64a0fd28
              • Instruction ID: 5921182050df69cc45b1bd68f34e9185a169d4854c23942f5b0cad126dda6f27
              • Opcode Fuzzy Hash: fc7dbf150734efa50e98eec726be3a0e6ea9cf3af2693c699829cbfa64a0fd28
              • Instruction Fuzzy Hash: D371AE74A10219CFCB44CFA9C59499EFBF6FF88310F24855AE419AB322D734AA52CF50
              Function 02AB4460 Relevance: .2, Instructions: 165COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 49075533ae40fdc79c849f7e9bc16d1789e97636b1b7733726a3d1cfa33dd647
              • Instruction ID: 0a2980f7aff8c511eb96b5ab2fb9ff2bd6cfea04a566d97f91b4b0e05e8ec9e9
              • Opcode Fuzzy Hash: 49075533ae40fdc79c849f7e9bc16d1789e97636b1b7733726a3d1cfa33dd647
              • Instruction Fuzzy Hash: 7871CD74A102198FCB45CFA9C59499EBBF2FF88310F14856AE419AB322D734AE52CF50
              Function 02AB58D8 Relevance: .2, Instructions: 153COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7703d2d82e4a2c7a26da8ef442ce957a501159c475ab64f16f98b383c97c8030
              • Instruction ID: 87210b8d1c91ad436e6cb225a333c6787f43b33e1f371e1decede3b6d154932c
              • Opcode Fuzzy Hash: 7703d2d82e4a2c7a26da8ef442ce957a501159c475ab64f16f98b383c97c8030
              • Instruction Fuzzy Hash: 70511474E1420A8FCB05CFA9D9809EEFBF2FF89310F64942AD415BB225D7349A02CB55
              Function 02AB58E8 Relevance: .1, Instructions: 149COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8d2c57b8d0913cabfa9461c94c6b0f0d3ebe677a69abdc18fd4064fc51763413
              • Instruction ID: d97cfc05b3351d85621ddaba0a4eed92ae66b131dada97ff03dcb87334bd5fc9
              • Opcode Fuzzy Hash: 8d2c57b8d0913cabfa9461c94c6b0f0d3ebe677a69abdc18fd4064fc51763413
              • Instruction Fuzzy Hash: FB51E174E1421A8FDB05CFA9D9809DEFBF2BF89310F64942AD415B7215D730AA01CF94
              Function 04CE02B1 Relevance: .1, Instructions: 142COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b62332ec81fc43bbb435abf266ae8c0d3af2dfaeba3a511092bd564d748a990f
              • Instruction ID: b0b44e356342c69f368c7056650656fabf2019f650d29ffd194a3109af6990a2
              • Opcode Fuzzy Hash: b62332ec81fc43bbb435abf266ae8c0d3af2dfaeba3a511092bd564d748a990f
              • Instruction Fuzzy Hash: 4151F536754722CFC3408B6BD84167AB7F2EB81360F188427D15ADFA91E3B4E851CB85
              Function 04CEE1C8 Relevance: .1, Instructions: 134COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9ee4015b416ad20e88b393d6f61bb0fc69a6b36304de96817f3cde50119f317f
              • Instruction ID: c3328a0a96cd56b54c25ee68415e9b62ae476b788a3eeef914a69ac1c9d9ea85
              • Opcode Fuzzy Hash: 9ee4015b416ad20e88b393d6f61bb0fc69a6b36304de96817f3cde50119f317f
              • Instruction Fuzzy Hash: 7F51EC74E002598FDB14DFAAD5815AEFBF2FF89304F24C269D418A7255D731A942CFA0
              Function 02AB5D00 Relevance: .1, Instructions: 115COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f5eacc6aa82bd540f1bcc30a534afb412d8b36f355841ea62e2c8a95aa9729d1
              • Instruction ID: 109c1b79176f7baca31867ec54bbd85d87ceaaa146f1fb32c7a80895c4618a3d
              • Opcode Fuzzy Hash: f5eacc6aa82bd540f1bcc30a534afb412d8b36f355841ea62e2c8a95aa9729d1
              • Instruction Fuzzy Hash: 85417D71E056588BDB18CF6B9D44799FBF3BFC9300F14C1BA850CAA225DB345A868F11
              Function 02AB5B10 Relevance: .1, Instructions: 114COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 26016025cd32646cefd28cf6441bde805c7396e098aa1a47aaa24df31b766fd4
              • Instruction ID: 22073bde978be7ba5e9404532ed746d3203cc9da1ab74630aceb6a59bda2e2da
              • Opcode Fuzzy Hash: 26016025cd32646cefd28cf6441bde805c7396e098aa1a47aaa24df31b766fd4
              • Instruction Fuzzy Hash: 724107B0E0520ADFCB09CFA9D5815EEFBF6AF88300F64D16AC515B7215E7309A41CB94
              Function 02AB5720 Relevance: .1, Instructions: 114COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 348b4a260c942b3bb6ec6804b7ca31b152eda489fa6fc2bb84a1fb9fd6b78198
              • Instruction ID: fd11c0915c98f5204c2d18afe30d22c70695af5fb3f9f274f48829918e3fad8d
              • Opcode Fuzzy Hash: 348b4a260c942b3bb6ec6804b7ca31b152eda489fa6fc2bb84a1fb9fd6b78198
              • Instruction Fuzzy Hash: 7A41F770E0520ADFCB15CFAAD5815EEFBB2AF88300F64D46AC415A7226D7349642CF94
              Function 02AB5730 Relevance: .1, Instructions: 113COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f2939228c043ac27f2fb8307c023d0feb08966cd5032b37512c8e1c9244eb3d2
              • Instruction ID: c314cbb9db6eb04daa9455fdd0e6a8de07054e8a0a614abca8db158c15078bb3
              • Opcode Fuzzy Hash: f2939228c043ac27f2fb8307c023d0feb08966cd5032b37512c8e1c9244eb3d2
              • Instruction Fuzzy Hash: 0841C270E0420ADBCB05CFAAD5805EEFBB6BF88340F64D46AC415A7225D7349A42CF94
              Function 052BB798 Relevance: .1, Instructions: 113COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b982b572b42cc3f28d45ad1c6372db2874ce2d9bf928dcd68322f545753b5e71
              • Instruction ID: dd67878237fd71dde9edfe8552f8a044769c4f5d9f9462911e485d89880778f4
              • Opcode Fuzzy Hash: b982b572b42cc3f28d45ad1c6372db2874ce2d9bf928dcd68322f545753b5e71
              • Instruction Fuzzy Hash: F941EE75D052599FCB10CFA9D584ADEFBF1BF4A310F24906AE808BB211D374A945CB54
              Function 02AB5B01 Relevance: .1, Instructions: 112COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a23a4df13edef61e23f6a14cd66aeef00ef7c828607404c7cce453cdc466c12c
              • Instruction ID: 6ff973717f17f2d7d78452bfc1deea0f80e17a8a5dfef4167f1ea58226192d36
              • Opcode Fuzzy Hash: a23a4df13edef61e23f6a14cd66aeef00ef7c828607404c7cce453cdc466c12c
              • Instruction Fuzzy Hash: EE4127B4E0524A9FCB09CFA9D5815EEFBF2AF88300F24D16AC505B7215E7309A41CB94
              Function 04CE0120 Relevance: .1, Instructions: 106COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f711ce90deeb3a3efa33acdf9ef768020c863765cf3e421e16045cb6eeed0be7
              • Instruction ID: 8b2178b8539d6d5302d99d6ec3c233fbf932fa81d5e9346753895a4da5519db1
              • Opcode Fuzzy Hash: f711ce90deeb3a3efa33acdf9ef768020c863765cf3e421e16045cb6eeed0be7
              • Instruction Fuzzy Hash: 1641B135B14612CFC714CF6BC885A6ABBF2EF85350B08882AD06ACF651E374E945CF85
              Function 04CE0130 Relevance: .1, Instructions: 102COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dfbae5a3ee33d968d37573ce4d8502079af8f8310750bb7f709866ca8d92a7ce
              • Instruction ID: 377e7c1ec7719e931fb2d909519c68d373665c9c66e6b3335db3815958d74c21
              • Opcode Fuzzy Hash: dfbae5a3ee33d968d37573ce4d8502079af8f8310750bb7f709866ca8d92a7ce
              • Instruction Fuzzy Hash: CE418035610616CFC754CE6BC985A6BB7F2EF84350B04882AE06ACF650E374E950CF85
              Function 052B9CFC Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2200355095.00000000052B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_52b0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dd8070feaaa04548ffaebc72dcc9055cde86c6a06658d44a2c4db32d95328bd4
              • Instruction ID: 21eed984aff5813d9777d5e0d5ad0d95a920eb9b54fb36e6f3f3397d33fb33f3
              • Opcode Fuzzy Hash: dd8070feaaa04548ffaebc72dcc9055cde86c6a06658d44a2c4db32d95328bd4
              • Instruction Fuzzy Hash: 2E3197B4D012499FDB14CFA9E984ADEFBF1AF49310F24902AE818B7210D3B4A945CF94
              Function 04CE580C Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff639f32fb7048dd310f1ff7450c90efded1090558dde5640e4b12a91f839eac
              • Instruction ID: b98c2e8926f6bb83e1468785b16b74d2de0c993fac7239b758cd55844d55801b
              • Opcode Fuzzy Hash: ff639f32fb7048dd310f1ff7450c90efded1090558dde5640e4b12a91f839eac
              • Instruction Fuzzy Hash: 6D3170B4D05209EFCB14CFAAD484AADBBF2BF49354F249529E814B7350D3349A41CF54
              Function 04CE5818 Relevance: .1, Instructions: 71COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff59025b52f957da4963bdbb5d8234baf943a7ee9440feed39807d1fa6295734
              • Instruction ID: 090a8127ccba71ddfd837f0d2497ce0d4c7ff05239fc92d48049a508d6190bd5
              • Opcode Fuzzy Hash: ff59025b52f957da4963bdbb5d8234baf943a7ee9440feed39807d1fa6295734
              • Instruction Fuzzy Hash: 64315DB4D05208EFCB14CFAAD484AADBBF2BB49354F24A529E814B7350D7349A42CF54
              Function 04CE5B2D Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f1325245838893a4146068450c64fa759e3ef73b6cd0ff2515c7be2d5dd9fc7
              • Instruction ID: 5f816c26d0b81fcae5a8db79c557c698d62ffce4a442a60832f0497b4ab9b449
              • Opcode Fuzzy Hash: 2f1325245838893a4146068450c64fa759e3ef73b6cd0ff2515c7be2d5dd9fc7
              • Instruction Fuzzy Hash: B121A374D04209EFDB04CFAAD4446EDFBF2AB49354F24E165E824B7290D7749641CF94
              Function 02AB08D0 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2186492455.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2ab0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ca04a4eabcb1fb0e63f2c40187f9a1aae155081a32abf52cebe54c45a1503dd9
              • Instruction ID: 2792f97f118c5a34f895b78dbd9b7f442d887e502041801717e0fc015cac8d05
              • Opcode Fuzzy Hash: ca04a4eabcb1fb0e63f2c40187f9a1aae155081a32abf52cebe54c45a1503dd9
              • Instruction Fuzzy Hash: B821D871E147588BEB19CF6BD8406DAFBF7AFC9200F08C1BAC518A6225EB3445568F51
              Function 04CE5B38 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 933b60a4d00c59daa4e175ca4b9b3cb5c826803617786e73930ea67d950350a8
              • Instruction ID: ecda9ea313cf61f50f1240cf75d6d62e1eddfdd670b3a9ca3f9ca8dab3268c7a
              • Opcode Fuzzy Hash: 933b60a4d00c59daa4e175ca4b9b3cb5c826803617786e73930ea67d950350a8
              • Instruction Fuzzy Hash: 6C216FB4D04208EFDB14CFAAD4446EEFBF2AB49314F24E169E824B7250D7349A45CF98
              Function 04CE5A65 Relevance: .0, Instructions: 38COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3f3d4a102433381188aeb388c6762ae126720a7eef5314626341f79517f75937
              • Instruction ID: e8fb3904d6a5c853837d824e3be329ca2239b9109ea162c4091dde537d613c28
              • Opcode Fuzzy Hash: 3f3d4a102433381188aeb388c6762ae126720a7eef5314626341f79517f75937
              • Instruction Fuzzy Hash: 48F062B4E052499BEF44DFAAD5409EEFFF2AB5A310F14A16AE804B3310E3359911DF58
              Function 04CE5A70 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2197933166.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4ce0000_PO STS_2184_06_2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9eb7edaa31dfbf35867dc96d8b8f8c426529f6e1b54484e160c576f9eb5ddf33
              • Instruction ID: 02a98b900ba188070fa31d6fc6bf5f095b9aa3ab6b174f17ccad8f999c3b5ca2
              • Opcode Fuzzy Hash: 9eb7edaa31dfbf35867dc96d8b8f8c426529f6e1b54484e160c576f9eb5ddf33
              • Instruction Fuzzy Hash: A9F042B5D0520D9F8F04DFAAD5418EEFBF2BB5A310F14A16AE814B3310E73599518FA8

              Execution Graph

              Execution Coverage:0.8%
              Dynamic/Decrypted Code Coverage:6.2%
              Signature Coverage:6.2%
              Total number of Nodes:112
              Total number of Limit Nodes:12
              execution_graph 92423 424483 92426 424492 92423->92426 92424 4244d6 92431 42d1d3 92424->92431 92426->92424 92428 424514 92426->92428 92430 424519 92426->92430 92429 42d1d3 RtlFreeHeap 92428->92429 92429->92430 92434 42b663 92431->92434 92433 4244e6 92435 42b67d 92434->92435 92436 42b68e RtlFreeHeap 92435->92436 92436->92433 92437 42a923 92438 42a93d 92437->92438 92441 12e2df0 LdrInitializeThunk 92438->92441 92439 42a965 92441->92439 92517 4240f3 92518 42410f 92517->92518 92519 424137 92518->92519 92520 42414b 92518->92520 92522 42b2f3 NtClose 92519->92522 92521 42b2f3 NtClose 92520->92521 92523 424154 92521->92523 92524 424140 92522->92524 92527 42d2f3 RtlAllocateHeap 92523->92527 92526 42415f 92527->92526 92528 42e2b3 92529 42e2c3 92528->92529 92530 42e2c9 92528->92530 92533 42d2b3 92530->92533 92532 42e2ef 92536 42b613 92533->92536 92535 42d2ce 92535->92532 92537 42b630 92536->92537 92538 42b641 RtlAllocateHeap 92537->92538 92538->92535 92442 4177a3 92443 417754 92442->92443 92443->92442 92444 417773 LdrLoadDll 92443->92444 92445 41778a 92443->92445 92444->92445 92539 413a93 92543 413aa9 92539->92543 92541 413b0c 92542 413b04 92543->92541 92544 41ae93 RtlFreeHeap LdrInitializeThunk 92543->92544 92544->92542 92545 41de93 92546 41deb9 92545->92546 92549 41dfa7 92546->92549 92551 42e3e3 92546->92551 92548 41df4b 92548->92549 92550 42a973 LdrInitializeThunk 92548->92550 92550->92549 92552 42e353 92551->92552 92553 42e3b0 92552->92553 92554 42d2b3 RtlAllocateHeap 92552->92554 92553->92548 92555 42e38d 92554->92555 92556 42d1d3 RtlFreeHeap 92555->92556 92556->92553 92557 4138b3 92560 42b573 92557->92560 92561 42b58d 92560->92561 92564 12e2c70 LdrInitializeThunk 92561->92564 92562 4138d5 92564->92562 92446 401bea 92447 401c73 92446->92447 92450 42e773 92447->92450 92448 401ca6 92448->92448 92453 42cdd3 92450->92453 92454 42cdf6 92453->92454 92463 407673 92454->92463 92456 42ce0c 92462 42ce5d 92456->92462 92466 41ab83 92456->92466 92458 42ce2b 92459 42ce40 92458->92459 92460 42b6b3 ExitProcess 92458->92460 92477 42b6b3 92459->92477 92460->92459 92462->92448 92480 416443 92463->92480 92465 407680 92465->92456 92467 41abaf 92466->92467 92502 41aa73 92467->92502 92470 41abdc 92474 41abe7 92470->92474 92508 42b2f3 92470->92508 92472 41ac10 92472->92458 92473 41abf4 92473->92472 92475 42b2f3 NtClose 92473->92475 92474->92458 92476 41ac06 92475->92476 92476->92458 92478 42b6d0 92477->92478 92479 42b6e1 ExitProcess 92478->92479 92479->92462 92482 41645a 92480->92482 92481 416473 92481->92465 92482->92481 92487 42bd43 92482->92487 92484 4164c4 92484->92481 92494 427fe3 NtClose LdrInitializeThunk 92484->92494 92486 4164ea 92486->92465 92489 42bd5b 92487->92489 92488 42bd7f 92488->92484 92489->92488 92495 42a973 92489->92495 92492 42d1d3 RtlFreeHeap 92493 42bded 92492->92493 92493->92484 92494->92486 92496 42a98d 92495->92496 92499 12e2c0a 92496->92499 92497 42a9b9 92497->92492 92500 12e2c1f LdrInitializeThunk 92499->92500 92501 12e2c11 92499->92501 92500->92497 92501->92497 92503 41aa8d 92502->92503 92507 41ab69 92502->92507 92511 42aa13 92503->92511 92506 42b2f3 NtClose 92506->92507 92507->92470 92507->92473 92509 42b30d 92508->92509 92510 42b31e NtClose 92509->92510 92510->92474 92512 42aa30 92511->92512 92515 12e35c0 LdrInitializeThunk 92512->92515 92513 41ab5d 92513->92506 92515->92513 92516 12e2b60 LdrInitializeThunk

              Executed Functions

              Function 00417713 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 30 417713-41772f 31 417737-41773c 30->31 32 417732 call 42ded3 30->32 33 417742-417750 call 42e3f3 31->33 34 41773e-417741 31->34 32->31 37 417760-417771 call 42c8a3 33->37 38 417752-41775d call 42e693 33->38 43 417773-417787 LdrLoadDll 37->43 44 41778a-41778d 37->44 38->37 43->44
              APIs
              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417785
              Memory Dump Source
              • Source File: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_400000_RegSvcs.jbxd
              Yara matches
              Similarity
              • API ID: Load
              • String ID:
              • API String ID: 2234796835-0
              • Opcode ID: cc12b25d517994b9bcc517731b469122a00c5f8ed43c7c54d5fb46cc540c6b3e
              • Instruction ID: f7a8e4cc8ee9c12b89df34b9b40b13426c85777aa375e7c50904cc4f8623699d
              • Opcode Fuzzy Hash: cc12b25d517994b9bcc517731b469122a00c5f8ed43c7c54d5fb46cc540c6b3e
              • Instruction Fuzzy Hash: 590171B5E4020DABDF10EBE1DC42FDEB378AB14304F0081AAF91897280F674EB548B95
              Function 0042B2F3 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 55 42b2f3-42b32c call 404a43 call 42c3a3 NtClose
              APIs
              • NtClose.NTDLL(?,0041634F,001F0001,?,00000000,?,?,00000104), ref: 0042B327
              Memory Dump Source
              • Source File: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_400000_RegSvcs.jbxd
              Yara matches
              Similarity
              • API ID: Close
              • String ID:
              • API String ID: 3535843008-0
              • Opcode ID: d3d6b15381d04093d5f5fe55dd480cccad6279c3d6fe1da05ed42425f988d16f
              • Instruction ID: 53dd517a889331028237bc314370696bfff4bf644c69084a9253c83b227c1596
              • Opcode Fuzzy Hash: d3d6b15381d04093d5f5fe55dd480cccad6279c3d6fe1da05ed42425f988d16f
              • Instruction Fuzzy Hash: E9E04676300614BBD620FA6ADC81F9BBB6CDFC5724F00441EFA08A7242C6B4BA1187A4
              Function 012E2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 69 12e2b60-12e2b6c LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: af671bcbb2bec84f81f5e69facda35edfac6e26bcfae8996cd2a21a8dbef4f66
              • Instruction ID: d854cbd88b64d400967c32a13373ecf20a017edcf4d312a0d60838775308858a
              • Opcode Fuzzy Hash: af671bcbb2bec84f81f5e69facda35edfac6e26bcfae8996cd2a21a8dbef4f66
              • Instruction Fuzzy Hash: 1990026121240003450571584414616C00AD7E1201F55C035E3014590DC625C9A56225
              Function 012E2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 71 12e2df0-12e2dfc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: d1e7cdaae5709b96a16d62c9888541b7c2ab683c3a420147df43b7e30e1d4e8e
              • Instruction ID: 564b9e923b55c2217a6c61bbe1205c02219ab865aba90b255707bfa866606617
              • Opcode Fuzzy Hash: d1e7cdaae5709b96a16d62c9888541b7c2ab683c3a420147df43b7e30e1d4e8e
              • Instruction Fuzzy Hash: A790023121140413D511715845047078009D7D1241F95C426A2424558DD756CA66A221
              Function 012E2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 70 12e2c70-12e2c7c LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 63bf733f8ac9e5e0d944d3d7709b08a8017a4ce9443961fa0bc72882d7ca6900
              • Instruction ID: 2e933515106f96864574be3d2b07d2b4ecb44796ab80b39e3106511f8deb435e
              • Opcode Fuzzy Hash: 63bf733f8ac9e5e0d944d3d7709b08a8017a4ce9443961fa0bc72882d7ca6900
              • Instruction Fuzzy Hash: 8090023121148802D5107158840474A8005D7D1301F59C425A6424658DC795C9A57221
              Function 012E35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 72 12e35c0-12e35cc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 1adc4b41a7f50b7f9a8f17c0c8db4e518099f13322cba43bf96e3b26690eb377
              • Instruction ID: 4902ea48382d392a7f83eda43a51edc9f6d996a62c29c32a7470489e9bdaef28
              • Opcode Fuzzy Hash: 1adc4b41a7f50b7f9a8f17c0c8db4e518099f13322cba43bf96e3b26690eb377
              • Instruction Fuzzy Hash: DF90023161550402D500715845147069005D7D1201F65C425A2424568DC795CA6566A2
              Function 004177A3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 61libraryloaderCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 0 4177a3-4177ae 1 4177b0-4177ee 0->1 2 417754-417757 0->2 5 4177f0-4177f5 1->5 6 41779c-41779e 1->6 3 41775d-417771 call 42c8a3 2->3 4 417758 call 42e693 2->4 10 417773-417787 LdrLoadDll 3->10 11 41778a-41778d 3->11 4->3 6->0 10->11
              APIs
              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417785
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_400000_RegSvcs.jbxd
              Yara matches
              Similarity
              • API ID: Load
              • String ID: IcS
              • API String ID: 2234796835-1987933527
              • Opcode ID: f5f583a69386b01c095a90c42760c5261036c5fbe07497078ddc0ffe0f59a681
              • Instruction ID: 5788721e7e9f2c24babe7426dedec8dd053295ee8baa795d3979c0f058e8c471
              • Opcode Fuzzy Hash: f5f583a69386b01c095a90c42760c5261036c5fbe07497078ddc0ffe0f59a681
              • Instruction Fuzzy Hash: 6C1144B5E44609AFDF11DB64CC81BDAB770AB15708F10479AE9288B281E638EA158BC5
              Function 0042B663 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 50 42b663-42b6a4 call 404a43 call 42c3a3 RtlFreeHeap
              APIs
              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,B48D02C8,00000007,00000000,00000004,00000000,00416FF0,000000F4,?,?,?,?,?), ref: 0042B69F
              Memory Dump Source
              • Source File: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_400000_RegSvcs.jbxd
              Yara matches
              Similarity
              • API ID: FreeHeap
              • String ID:
              • API String ID: 3298025750-0
              • Opcode ID: cebced99977a5d55a47b38dab37af0b27a1ac9148fdb3e20e58ea52957eed68e
              • Instruction ID: f2cc2bfdb2ff12fecd0f7bd87809f30f747ba7b5d46a7c07c7003119679ebdf5
              • Opcode Fuzzy Hash: cebced99977a5d55a47b38dab37af0b27a1ac9148fdb3e20e58ea52957eed68e
              • Instruction Fuzzy Hash: 11E0EDB12042147BD614EE59EC41F9B77ADEFC5714F40441EFA09A7241D670BA118BB8
              Function 0042B613 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 45 42b613-42b657 call 404a43 call 42c3a3 RtlAllocateHeap
              APIs
              • RtlAllocateHeap.NTDLL(?,0041DF4B,?,?,00000000,?,0041DF4B,?,?,?), ref: 0042B652
              Memory Dump Source
              • Source File: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_400000_RegSvcs.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 8bd46eee1116ebaa7ed0a1f4491624fb699c4da4c2f97eecd6693f680b796155
              • Instruction ID: 37d931e01a6baf8388d2ab498d80574958b4c8a0894e062320dc8a62f2b9b1e8
              • Opcode Fuzzy Hash: 8bd46eee1116ebaa7ed0a1f4491624fb699c4da4c2f97eecd6693f680b796155
              • Instruction Fuzzy Hash: C1E0EDB12042187BD614EF59EC41F9F77ADDFC5714F00441AFA08A7281D670BA118BB8
              Function 0042B6B3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 60 42b6b3-42b6ef call 404a43 call 42c3a3 ExitProcess
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.2630248642.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_400000_RegSvcs.jbxd
              Yara matches
              Similarity
              • API ID: ExitProcess
              • String ID:
              • API String ID: 621844428-0
              • Opcode ID: 2637095884553c8c08140c647ed18d1a8093e123f28d43652d1efd832c85ded6
              • Instruction ID: 29c2a9b280cca169856d588aa7835bf88e6a03f6e5893e90ab8ecc7f4fd44f2b
              • Opcode Fuzzy Hash: 2637095884553c8c08140c647ed18d1a8093e123f28d43652d1efd832c85ded6
              • Instruction Fuzzy Hash: 53E08C763402147BCA20EA5ADC81F9BB7ACDFC5714F40442AFA0CA7242CA74BA118BF4
              Function 012E2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 65 12e2c0a-12e2c0f 66 12e2c1f-12e2c26 LdrInitializeThunk 65->66 67 12e2c11-12e2c18 65->67
              APIs
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 30ddca1165c0f8dda7b3accc98bb62900dba8ffe40e1f0962c3b971daed9a668
              • Instruction ID: bdb1a76d646617036db8a17a5c5a6ef7d99fc6ef314a54929e823e338f92a8fc
              • Opcode Fuzzy Hash: 30ddca1165c0f8dda7b3accc98bb62900dba8ffe40e1f0962c3b971daed9a668
              • Instruction Fuzzy Hash: F3B09B719115D5C5DE11E764460C717B954B7D1701F56C075D3030641F4738C1E5E375

              Non-executed Functions

              Function 01358D10 Relevance: 37.8, Strings: 30, Instructions: 268COMMONLIBRARYCODE
              Download Yara Rule
              Strings
              • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01358E3F
              • The instruction at %p tried to %s , xrefs: 01358F66
              • a NULL pointer, xrefs: 01358F90
              • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01358DA3
              • read from, xrefs: 01358F5D, 01358F62
              • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01358DD3
              • The resource is owned exclusively by thread %p, xrefs: 01358E24
              • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01358DB5
              • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01358E4B
              • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01358DC4
              • an invalid address, %p, xrefs: 01358F7F
              • <unknown>, xrefs: 01358D2E, 01358D81, 01358E00, 01358E49, 01358EC7, 01358F3E
              • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01358E86
              • *** An Access Violation occurred in %ws:%s, xrefs: 01358F3F
              • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01358F26
              • *** Resource timeout (%p) in %ws:%s, xrefs: 01358E02
              • The critical section is owned by thread %p., xrefs: 01358E69
              • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01358FEF
              • This failed because of error %Ix., xrefs: 01358EF6
              • The resource is owned shared by %d threads, xrefs: 01358E2E
              • Go determine why that thread has not released the critical section., xrefs: 01358E75
              • The instruction at %p referenced memory at %p., xrefs: 01358EE2
              • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01358D8C
              • *** enter .exr %p for the exception record, xrefs: 01358FA1
              • *** enter .cxr %p for the context, xrefs: 01358FBD
              • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01358F34
              • write to, xrefs: 01358F56
              • *** then kb to get the faulting stack, xrefs: 01358FCC
              • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01358F2D
              • *** Inpage error in %ws:%s, xrefs: 01358EC8
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
              • API String ID: 0-108210295
              • Opcode ID: 263926f439c83a36208d4eb90dff7a0e2741e40131fdac832810f15feed23291
              • Instruction ID: 55d729413298809857d5e689414c123f11874398a7c74fc40a802400da3b6250
              • Opcode Fuzzy Hash: 263926f439c83a36208d4eb90dff7a0e2741e40131fdac832810f15feed23291
              • Instruction Fuzzy Hash: ED81D379A50214BFDF25EA2EDC45D6B3B79EF5BF18F010088FA086F212E3758812D661
              Function 01322349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
              • API String ID: 0-2160512332
              • Opcode ID: 046ed2de270cc60cc86908c1f3e893ba628eb389c29d431adfdf33920e67ee92
              • Instruction ID: eb81a0730bbe03b3c78059ef219e06457259a2aed369ef6007e34fa0fe60b41a
              • Opcode Fuzzy Hash: 046ed2de270cc60cc86908c1f3e893ba628eb389c29d431adfdf33920e67ee92
              • Instruction Fuzzy Hash: 35929F71618352AFE721EF28CC80B6BB7E8BB88758F04491DFA95D7251D770E844CB92
              Function 012D8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
              Download Yara Rule
              Strings
              • corrupted critical section, xrefs: 013154C2
              • Invalid debug info address of this critical section, xrefs: 013154B6
              • undeleted critical section in freed memory, xrefs: 0131542B
              • Address of the debug info found in the active list., xrefs: 013154AE, 013154FA
              • Thread is in a state in which it cannot own a critical section, xrefs: 01315543
              • Critical section address., xrefs: 01315502
              • Critical section debug info address, xrefs: 0131541F, 0131552E
              • 8, xrefs: 013152E3
              • Critical section address, xrefs: 01315425, 013154BC, 01315534
              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 013154E2
              • Thread identifier, xrefs: 0131553A
              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0131540A, 01315496, 01315519
              • double initialized or corrupted critical section, xrefs: 01315508
              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 013154CE
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
              • API String ID: 0-2368682639
              • Opcode ID: abec0c021d4d4f995282eec9352df840bc5930b8fe21701f9b8a967ab17feefa
              • Instruction ID: 56cb84cb9e72c09f89ef05a98c2cdd8178365a2c3f3af90966f42d9c79f431ad
              • Opcode Fuzzy Hash: abec0c021d4d4f995282eec9352df840bc5930b8fe21701f9b8a967ab17feefa
              • Instruction Fuzzy Hash: EB81CCB1A41348EFDB24CF99C845FAEBBB9FB49718F504119F605B7680D3B1A940CBA0
              Function 012D29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
              Download Yara Rule
              Strings
              • RtlpResolveAssemblyStorageMapEntry, xrefs: 0131261F
              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 013122E4
              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 013125EB
              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01312624
              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 013124C0
              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01312412
              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01312498
              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01312409
              • @, xrefs: 0131259B
              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01312506
              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01312602
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
              • API String ID: 0-4009184096
              • Opcode ID: ff18643b5553fecfe27772586a3cf270e14250e03387098073ed402eacd37f54
              • Instruction ID: a31fdb944eb192c0397c183f4025b83c5e391ecc612e30d5f64c7b95bf586b44
              • Opcode Fuzzy Hash: ff18643b5553fecfe27772586a3cf270e14250e03387098073ed402eacd37f54
              • Instruction Fuzzy Hash: 6A027EB1D10229DFDB21DB54CC81BEAB7B8AB54704F1141DAE609B7241EB70AE84CF69
              Function 01348B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
              • API String ID: 0-2515994595
              • Opcode ID: 7fffafb27f841e3db6559e29a6570eb0f86620e4e41b1463209eceacb17256d2
              • Instruction ID: 42a94de4622d93144c84b31c4797494760862b3c3fe5574d6a56529a0a4339b8
              • Opcode Fuzzy Hash: 7fffafb27f841e3db6559e29a6570eb0f86620e4e41b1463209eceacb17256d2
              • Instruction Fuzzy Hash: AE51D0715253059BC729DF58C848BABBBECFF94748F14496DE999C3240E770EA04CB92
              Function 012BAD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
              • API String ID: 0-3197712848
              • Opcode ID: 1e628ba92dc37a71258410a3b91e05a2856f95f73d8f8fa000bb9471d26f5dd0
              • Instruction ID: 673c4024747cf037d80177bb7bdc29b9d8bbd94957bf04558d9c620b55e256a0
              • Opcode Fuzzy Hash: 1e628ba92dc37a71258410a3b91e05a2856f95f73d8f8fa000bb9471d26f5dd0
              • Instruction Fuzzy Hash: 63121171A293428BD325DF28C481BFAB7E4FF84788F04096DFA858B281E775D944CB52
              Function 01350274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
              • API String ID: 0-1700792311
              • Opcode ID: 3b33c515fbf47c20c33ce977e4c9c0b5fcbb0dd2fceb10aa7fc428beb21d95ee
              • Instruction ID: 1641aa78ba6f4f22fafd13e0b59733f7d6837cfd04bbe3e65593f6c05be9e137
              • Opcode Fuzzy Hash: 3b33c515fbf47c20c33ce977e4c9c0b5fcbb0dd2fceb10aa7fc428beb21d95ee
              • Instruction Fuzzy Hash: DFD1DC31620686DFDB6ADF6CC440EAEBBF1FF49B18F088459F8459B652C7369981CB10
              Function 012D63FF Relevance: 10.3, Strings: 8, Instructions: 261COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: Delaying execution failed with status 0x%08lx$H2$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c$p-
              • API String ID: 0-3791564390
              • Opcode ID: 00ced2879d8cd04c5bb26b382b0e1f3019d6dbd7d6577670e004583cd7c853f7
              • Instruction ID: d5344c64661afbd41502b632f7777ffaf642e38cc213cfa3d38812a639d369cd
              • Opcode Fuzzy Hash: 00ced2879d8cd04c5bb26b382b0e1f3019d6dbd7d6577670e004583cd7c853f7
              • Instruction Fuzzy Hash: 64917B70B21316DBEB39DF58D845BAE7BA5FF41B28F100129E6006B389D7B59882C7D0
              Function 013289B3 Relevance: 10.3, Strings: 8, Instructions: 259COMMON
              Download Yara Rule
              Strings
              • HandleTraces, xrefs: 01328C8F
              • AVRF: -*- final list of providers -*- , xrefs: 01328B8F
              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01328A67
              • p-, xrefs: 01328A35, 01328A5F
              • VerifierDebug, xrefs: 01328CA5
              • VerifierFlags, xrefs: 01328C50
              • VerifierDlls, xrefs: 01328CBD
              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01328A3D
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags$p-
              • API String ID: 0-2538775415
              • Opcode ID: 69a15291f5e4dcecf32b95b4a06c6a0e59547298a730888f366038b673d4e36b
              • Instruction ID: 26c2d42214a438e8c62ec7ab5a0ca270c2116bb615e8399d746641a3fcb25534
              • Opcode Fuzzy Hash: 69a15291f5e4dcecf32b95b4a06c6a0e59547298a730888f366038b673d4e36b
              • Instruction Fuzzy Hash: 9C912671645336AFEB22FF2CC881B6A77E8AB54B1CF05099DFA406B651C7309C44C795
              Function 0129645D Relevance: 8.9, Strings: 7, Instructions: 150COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c$p-
              • API String ID: 0-3413953472
              • Opcode ID: 5dbbb04a848834b2562aeee552608aacd24ba2ef2bc3849e7b87ab9dfa8e020b
              • Instruction ID: d78b4e17bc834a570d62828d886be207626b84db886dcce70be0cb654bbebc15
              • Opcode Fuzzy Hash: 5dbbb04a848834b2562aeee552608aacd24ba2ef2bc3849e7b87ab9dfa8e020b
              • Instruction Fuzzy Hash: CA51C6712683059FEB25EF28D881BABB7E8FF84748F00092DF68597150D671E944CB92
              Function 012AEA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
              • API String ID: 0-1109411897
              • Opcode ID: 99a37bafe0373bb80140b6f401ab71b03969b55033079d4367942daa421bbda3
              • Instruction ID: d787040445f2944fb0711d12fcf2020ef54023c8fdcd07ff8e6d7404c8cd6922
              • Opcode Fuzzy Hash: 99a37bafe0373bb80140b6f401ab71b03969b55033079d4367942daa421bbda3
              • Instruction Fuzzy Hash: A4A27870A2562A8FDB65DF18CD987ADBBB5BF45304F5042E9DA0DA7290DB349E81CF00
              Function 012D2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
              Download Yara Rule
              Strings
              • SXS: %s() passed the empty activation context, xrefs: 01312165
              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01312180
              • RtlGetAssemblyStorageRoot, xrefs: 01312160, 0131219A, 013121BA
              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 013121BF
              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0131219F
              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01312178
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
              • API String ID: 0-861424205
              • Opcode ID: c72f2aaae569f16fe42b8cfc1f8f046268d621af451958f044caa30e0c91b9d0
              • Instruction ID: 1b8806f52b091ec4da73b0b07f618455b99ed96e731efe9bba4d6fe4c7151d66
              • Opcode Fuzzy Hash: c72f2aaae569f16fe42b8cfc1f8f046268d621af451958f044caa30e0c91b9d0
              • Instruction Fuzzy Hash: 84315A3AF61225BBF725DA99CC81F5B7B78DF55A44F254069FB0477144D2709E00C3A0
              Function 012DC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
              Download Yara Rule
              Strings
              • Loading import redirection DLL: '%wZ', xrefs: 01318170
              • minkernel\ntdll\ldrredirect.c, xrefs: 01318181, 013181F5
              • minkernel\ntdll\ldrinit.c, xrefs: 012DC6C3
              • LdrpInitializeProcess, xrefs: 012DC6C4
              • LdrpInitializeImportRedirection, xrefs: 01318177, 013181EB
              • Unable to build import redirection Table, Status = 0x%x, xrefs: 013181E5
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
              • API String ID: 0-475462383
              • Opcode ID: 9e8396fd6ac2ef306097f2dffc1be7db3451d482ab4ddebe0ed4e9c30301f9d4
              • Instruction ID: b3002015915c7276aa20fa6e71a70fda00f7b4b9bfa079fabc80f9ba0c35e91f
              • Opcode Fuzzy Hash: 9e8396fd6ac2ef306097f2dffc1be7db3451d482ab4ddebe0ed4e9c30301f9d4
              • Instruction Fuzzy Hash: 3331F3B26643429FD224EF2DD946E2B77D4EF94B24F04066CF945AB295E620EC04C7A2
              Function 012E096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
              Download Yara Rule
              APIs
                • Part of subcall function 012E2DF0: LdrInitializeThunk.NTDLL ref: 012E2DFA
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E0BA3
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E0BB6
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E0D60
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 012E0D74
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
              • String ID:
              • API String ID: 1404860816-0
              • Opcode ID: 8536908324cb209dfd99dc3a218bbdbbecd9b4f4464f49d643a390679861306e
              • Instruction ID: 0b3be7353c1d2d23f00d0f00920e94ead6e55b07de2470078fd077a3a4f8775d
              • Opcode Fuzzy Hash: 8536908324cb209dfd99dc3a218bbdbbecd9b4f4464f49d643a390679861306e
              • Instruction Fuzzy Hash: 77428C71A10705DFDB25CF28C894BAAB7F5FF04304F4445A9E989EB245E7B0AA85CF60
              Function 012D4D1D Relevance: 6.4, Strings: 5, Instructions: 117COMMON
              Download Yara Rule
              Strings
              • minkernel\ntdll\ldrsnap.c, xrefs: 01313640, 0131366C
              • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0131362F
              • p-, xrefs: 012D4D3D
              • Querying the active activation context failed with status 0x%08lx, xrefs: 0131365C
              • LdrpFindDllActivationContext, xrefs: 01313636, 01313662
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c$p-
              • API String ID: 0-1931516821
              • Opcode ID: 4202bf490236f12e16deb549487e6633f5d30177b521085f38987781e622fc67
              • Instruction ID: 8fb1b18fffdd6853508b272978bb3c6d97326570b17965772aa73668364d802f
              • Opcode Fuzzy Hash: 4202bf490236f12e16deb549487e6633f5d30177b521085f38987781e622fc67
              • Instruction Fuzzy Hash: DF310C72930293AFEF36FB0CC849B3576A8BB01B54F0A412ADB0557A55D7B09D80C795
              Function 012AA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
              • API String ID: 0-379654539
              • Opcode ID: 9f35b91cdd1daccb8b6566aad486e36f3971976d91b8d2613cc8342cc74345e5
              • Instruction ID: 4936d9d0567bb3a08767db2f6d94d88b7b1c8135209151f4778ad483aec49e27
              • Opcode Fuzzy Hash: 9f35b91cdd1daccb8b6566aad486e36f3971976d91b8d2613cc8342cc74345e5
              • Instruction Fuzzy Hash: C0C18C74528382CFDB22CF58C044B6BBBE4FF84708F44496AF9968B291E774C949CB56
              Function 012D8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
              Download Yara Rule
              Strings
              • minkernel\ntdll\ldrinit.c, xrefs: 012D8421
              • LdrpInitializeProcess, xrefs: 012D8422
              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 012D855E
              • @, xrefs: 012D8591
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
              • API String ID: 0-1918872054
              • Opcode ID: 76d34b646394c37979714eac0bf4c12403272f1ff941f6f31305a6640193ff24
              • Instruction ID: 5318f25498416480fa870e9263c4ce0b2fbccf1f0c574d412ea8de621ce5a0bf
              • Opcode Fuzzy Hash: 76d34b646394c37979714eac0bf4c12403272f1ff941f6f31305a6640193ff24
              • Instruction Fuzzy Hash: 84917B71568345AFDB22DB65CC81FABBAECFF84744F80092EFA8592151E374D904CB62
              Function 012D273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
              Download Yara Rule
              Strings
              • SXS: %s() passed the empty activation context, xrefs: 013121DE
              • .Local, xrefs: 012D28D8
              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 013121D9, 013122B1
              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 013122B6
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
              • API String ID: 0-1239276146
              • Opcode ID: b32ec5bfd78eb37f87e8b93d83a8b4e80af27d7354b3b49b124198d8333132e0
              • Instruction ID: f1e862f7bd3e389204678730e854e95e647801f6dc01eed401a91b040edd214f
              • Opcode Fuzzy Hash: b32ec5bfd78eb37f87e8b93d83a8b4e80af27d7354b3b49b124198d8333132e0
              • Instruction Fuzzy Hash: 62A1D13192122ADFDB25CF68CC84BEAB7B1BF58354F2441E9D908AB255D7309E81CF90
              Function 012D4AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
              Download Yara Rule
              Strings
              • RtlDeactivateActivationContext, xrefs: 01313425, 01313432, 01313451
              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0131342A
              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01313437
              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01313456
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
              • API String ID: 0-1245972979
              • Opcode ID: dedb7798698d6d66ae37e40f80e89c98b03ed5f68ec0dd58fbfccd8d9acd9e2c
              • Instruction ID: 0996cde346f32ecc38cfcec79b3f4e2105e9ad1a676debed2f1d8569da84ae23
              • Opcode Fuzzy Hash: dedb7798698d6d66ae37e40f80e89c98b03ed5f68ec0dd58fbfccd8d9acd9e2c
              • Instruction Fuzzy Hash: A66169326607529FD726EF1CC881B3AB7E4FF90B24F14852DE955AB684DB30E800CB91
              Function 012A64AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
              Download Yara Rule
              Strings
              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0130106B
              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01300FE5
              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01301028
              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 013010AE
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
              • API String ID: 0-1468400865
              • Opcode ID: 5b9c4cef9ff89b235053566131b87238801f68e23507ba0c2018ca4ba5bf2f2f
              • Instruction ID: e92d0fa6dfd4c69629a1eb791529aaefa388554b18a7125de093263d8eafa95b
              • Opcode Fuzzy Hash: 5b9c4cef9ff89b235053566131b87238801f68e23507ba0c2018ca4ba5bf2f2f
              • Instruction Fuzzy Hash: C27102B19143069FCB21EF18C884BAB7FE8AF55754F840469FA898B286D374D588CBD1
              Function 012C245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
              Download Yara Rule
              Strings
              • LdrpDynamicShimModule, xrefs: 0130A998
              • minkernel\ntdll\ldrinit.c, xrefs: 0130A9A2
              • apphelp.dll, xrefs: 012C2462
              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0130A992
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
              • API String ID: 0-176724104
              • Opcode ID: 144ace345eb8204e13f3609e7d57bb5df70d829ad6d725561a3c8776c2558aea
              • Instruction ID: 3745182426ccf45861fcc4dcd1476a09f45a9bd21eae2e89ad5cb6135fcfe4d9
              • Opcode Fuzzy Hash: 144ace345eb8204e13f3609e7d57bb5df70d829ad6d725561a3c8776c2558aea
              • Instruction Fuzzy Hash: EA312CB5710302EBDB329F6DA995A7ABBFCFB84B08F15011DE9106B295C7715881C780
              Function 013220DE Relevance: 5.0, Strings: 4, Instructions: 41COMMON
              Download Yara Rule
              Strings
              • minkernel\ntdll\ldrinit.c, xrefs: 01322104
              • Process initialization failed with status 0x%08lx, xrefs: 013220F3
              • p-, xrefs: 013220EB
              • LdrpInitializationFailure, xrefs: 013220FA
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c$p-
              • API String ID: 0-2108767535
              • Opcode ID: 9aef3ee6c35a92d3003c24a1f6d812bcc12ddc7081b95921ffc2f36b7c380088
              • Instruction ID: 107f868cbc17dc06d1fa36004e2e401229cfcec1b0b7a1eef13dc3600dd605c2
              • Opcode Fuzzy Hash: 9aef3ee6c35a92d3003c24a1f6d812bcc12ddc7081b95921ffc2f36b7c380088
              • Instruction Fuzzy Hash: 54F0C275651318AFEB24FA4CCC46F9A376CFB40B58F200069FA007B2C5D2B1A940CA91
              Function 012B29A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
              Download Yara Rule
              Strings
              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 012B327D
              • HEAP[%wZ]: , xrefs: 012B3255
              • HEAP: , xrefs: 012B3264
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
              • API String ID: 0-617086771
              • Opcode ID: bf3864ca2de2c5ea748e08fc16e9d1f8131d072a8553c2db84be9c511ac73117
              • Instruction ID: 04205d0d3f76ec2a77f676e6007ee595636e9c3445864e8875a3a8a02e16692a
              • Opcode Fuzzy Hash: bf3864ca2de2c5ea748e08fc16e9d1f8131d072a8553c2db84be9c511ac73117
              • Instruction Fuzzy Hash: EA92AA71A2424ADFEB25CF68C480BEEBBF1FF08340F188059E999AB251D775A945CF50
              Function 012B0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-4253913091
              • Opcode ID: 3aa34b700e527d88882468f7db4c8206b2727f80ec02f156c2a35155605c8f48
              • Instruction ID: a822c7e39c175282210c41dedf7705995179c79f758e4c2aca5d083b51933322
              • Opcode Fuzzy Hash: 3aa34b700e527d88882468f7db4c8206b2727f80ec02f156c2a35155605c8f48
              • Instruction Fuzzy Hash: D2F1CE70610606DFEB2ACF68C894BAAB7F9FF44744F148168E5169B381D770E981CF94
              Function 012C6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: $@
              • API String ID: 0-1077428164
              • Opcode ID: 5a084feb9f6ff76178c43239073b4178b0dae6a5862731a9d4af22eda6dae651
              • Instruction ID: 6799e801360dca7dba21b6f0877cddb1d679f487855aaffe1bb60b16ee0cfb3e
              • Opcode Fuzzy Hash: 5a084feb9f6ff76178c43239073b4178b0dae6a5862731a9d4af22eda6dae651
              • Instruction Fuzzy Hash: C8C281716283419FD725CF28C891BABBBE5BF88B54F048A2DFA89C7241D774D844CB52
              Function 0129A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: FilterFullPath$UseFilter$\??\
              • API String ID: 0-2779062949
              • Opcode ID: f1e5f92e61d24b8965d97ce344c6776af0f7014af5dce5fc6ecea8167617a337
              • Instruction ID: 72a50ad58d71481aeb76ff1e77c61ec7c0a9737b170656c9b5fc21829de33343
              • Opcode Fuzzy Hash: f1e5f92e61d24b8965d97ce344c6776af0f7014af5dce5fc6ecea8167617a337
              • Instruction Fuzzy Hash: DCA14A75D2162A9BDF31DB68CC88BAAB7B8EF44710F1001E9EA09A7250D7759E84CF50
              Function 012C0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
              Download Yara Rule
              Strings
              • minkernel\ntdll\ldrinit.c, xrefs: 0130A121
              • LdrpCheckModule, xrefs: 0130A117
              • Failed to allocated memory for shimmed module list, xrefs: 0130A10F
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
              • API String ID: 0-161242083
              • Opcode ID: 6607f0cc58a9689943498a15df44ae0e3bdf08d7d46d981ac9023886a103e4eb
              • Instruction ID: 2d95041d0a6264bcacfd82fb02301a0da25cb0e2a8301688b006fe9c101dea4b
              • Opcode Fuzzy Hash: 6607f0cc58a9689943498a15df44ae0e3bdf08d7d46d981ac9023886a103e4eb
              • Instruction Fuzzy Hash: 1471D0B4A10306DFDB29DF68C991BBEB7F8FB44708F14412DE602AB251E735AA41CB54
              Function 012B0A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-1334570610
              • Opcode ID: 43712c23731b6fa186f84979e7716aa5d69c2b7ab62b12cca0f42470f85653e1
              • Instruction ID: c6aff0262fe8af64a9a8f89d5bb2073871785d259f333ba7e20b75a9d3fd8a43
              • Opcode Fuzzy Hash: 43712c23731b6fa186f84979e7716aa5d69c2b7ab62b12cca0f42470f85653e1
              • Instruction Fuzzy Hash: E761CF70620302DFDB2ACF28C491BABBBF5FF44748F148599E5598B292D770E881CB95
              Function 012DC720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
              Download Yara Rule
              Strings
              • Failed to reallocate the system dirs string !, xrefs: 013182D7
              • minkernel\ntdll\ldrinit.c, xrefs: 013182E8
              • LdrpInitializePerUserWindowsDirectory, xrefs: 013182DE
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
              • API String ID: 0-1783798831
              • Opcode ID: 04d37ed9feb6fa26b163c6511b6a6e3ce338053f47aed9c1e244875c253e09fc
              • Instruction ID: 5fae109c41dfdfc9a226464ef09b57978fc7e2d7453d36b44931397a733bbf28
              • Opcode Fuzzy Hash: 04d37ed9feb6fa26b163c6511b6a6e3ce338053f47aed9c1e244875c253e09fc
              • Instruction Fuzzy Hash: 934121B1521301EBDB25EB68D885BAB77ECAF48764F01092EFA48D3294E771D800CB91
              Function 0135C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
              Download Yara Rule
              Strings
              • PreferredUILanguages, xrefs: 0135C212
              • @, xrefs: 0135C1F1
              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0135C1C5
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
              • API String ID: 0-2968386058
              • Opcode ID: 0553203751a00426568ed294a26071d05bae4ec4e62e735b0159dd5de8d9e7ad
              • Instruction ID: 1292161a6f2cf19b9af50684d7cb89b676ffa2192b55942fee4a8f174af477ff
              • Opcode Fuzzy Hash: 0553203751a00426568ed294a26071d05bae4ec4e62e735b0159dd5de8d9e7ad
              • Instruction Fuzzy Hash: C3416375E10309EBDF51DED8C891FEEBBBCAB14B4CF14416AEA05B7240D7749A448B90
              Function 01334144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
              • API String ID: 0-1373925480
              • Opcode ID: 4c0c2241e50315929d904814814933a05aea244881a7dc623787ea9dd2d5b9e5
              • Instruction ID: df7c651e8ea1b2b47858b489d7f6d860ce329c92e1ad33c4cc5d1a93f009076f
              • Opcode Fuzzy Hash: 4c0c2241e50315929d904814814933a05aea244881a7dc623787ea9dd2d5b9e5
              • Instruction Fuzzy Hash: CF41FF32A10659CBEB26DBE8C844BADBBB8FF95348F24045AD941FB791DB348901CB54
              Function 01324755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              Strings
              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01324888
              • minkernel\ntdll\ldrredirect.c, xrefs: 01324899
              • LdrpCheckRedirection, xrefs: 0132488F
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
              • API String ID: 0-3154609507
              • Opcode ID: b2c7ad165838a7e56ac19d238d33e18c1c1498de7b235ca050492e4eff6809bb
              • Instruction ID: 9b667d4c2a82d5bed92278418ad49d31697adc9fb99ee86c2b61d4ae7f0b9a89
              • Opcode Fuzzy Hash: b2c7ad165838a7e56ac19d238d33e18c1c1498de7b235ca050492e4eff6809bb
              • Instruction Fuzzy Hash: 1D41BE72A242719BCB21EF6CD840A267FE8BF49B58F060569ED699B311D772D800CB91
              Function 012B0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-2558761708
              • Opcode ID: 347758de7470c21b4a55f74c7b57257e6112124a5872192eb529962bf1b13f5b
              • Instruction ID: bf2583a1f3f82af69d0ac12e7711118456d90cffad370db9ccbe0d7293d9b12e
              • Opcode Fuzzy Hash: 347758de7470c21b4a55f74c7b57257e6112124a5872192eb529962bf1b13f5b
              • Instruction Fuzzy Hash: 2411C0313351429FDB2ACB18C495BBAB3A8AF40B59F158159F4069B691EB30D840CB54
              Function 012B03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: #%u
              • API String ID: 48624451-232158463
              • Opcode ID: 0ca2541f83fa045fe0748bcf85d99558cf26453f2c944f7fc14f2531fddb98f1
              • Instruction ID: a446487fb6079a693f5fd6232310fb0d077cbfad36858772d65822b694c3b9c0
              • Opcode Fuzzy Hash: 0ca2541f83fa045fe0748bcf85d99558cf26453f2c944f7fc14f2531fddb98f1
              • Instruction Fuzzy Hash: A0714D71A1014A9FDB06DF98C994BAEB7F8FF08744F144065EA05E7251EA38EE05CB64
              Function 012AA9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
              Download Yara Rule
              Strings
              • LdrResSearchResource Enter, xrefs: 012AAA13
              • LdrResSearchResource Exit, xrefs: 012AAA25
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
              • API String ID: 0-4066393604
              • Opcode ID: 89ce423015bb5906aef44b86edf35fd8b5e5349765d749ae24496085cb5ae878
              • Instruction ID: f11ede663ccb09e5a9ea7548fb6682fa1c1ca7ff384c90e57c7eefe7f8d484cb
              • Opcode Fuzzy Hash: 89ce423015bb5906aef44b86edf35fd8b5e5349765d749ae24496085cb5ae878
              • Instruction Fuzzy Hash: 51E1A571E202199FEB22CF99C994BAEBBF9FF18354F50442AE901E7281E774D940CB50
              Function 0136A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: `$`
              • API String ID: 0-197956300
              • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
              • Instruction ID: 95440620b5c19d16c140e4088e1f42bad6c5564f98193c9a130849c75e924f8e
              • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
              • Instruction Fuzzy Hash: 41C1E2312043469BE725CF28C841B6BBBE9BFC4318F188A2CF696EB294D774D905CB51
              Function 0131E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID: Legacy$UEFI
              • API String ID: 2994545307-634100481
              • Opcode ID: 073dfb035bffb69fd21ecce6280dd9b93d59724dec72558eec1a83f1b35e95fc
              • Instruction ID: d877a86f3f7b0fb25655fa65ab8b6ee6c1eb7764de9cda3c11d1f6244a2863ea
              • Opcode Fuzzy Hash: 073dfb035bffb69fd21ecce6280dd9b93d59724dec72558eec1a83f1b35e95fc
              • Instruction Fuzzy Hash: 3A615E71E102199FEB19DFA8C840BADBBF9FB48704F14407DEA59EB295D732A940CB50
              Function 013443D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: @$MUI
              • API String ID: 0-17815947
              • Opcode ID: 4f302e938fb252acc6cbcf066be84533283fd71e90a4400130e977296e1dff7b
              • Instruction ID: 9f8d1ef4853555d6c228c03389c08c385cd37e4b29a11e7645b7ee3b6d57e5f2
              • Opcode Fuzzy Hash: 4f302e938fb252acc6cbcf066be84533283fd71e90a4400130e977296e1dff7b
              • Instruction Fuzzy Hash: B9510771E1021DAFDF11DFA9CC84BEEBBFCAB44758F100569E615B7290D670A905CBA0
              Function 012A04E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
              Download Yara Rule
              Strings
              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 012A063D
              • kLsE, xrefs: 012A0540
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
              • API String ID: 0-2547482624
              • Opcode ID: 0a999f0509883676219a1bc0bfbf25977653170c8a096945506c42321f2229b6
              • Instruction ID: 2b2a897eea450ec24adfdcbeb508d6b6ed9266158d96368e49f1cf78a9981ac5
              • Opcode Fuzzy Hash: 0a999f0509883676219a1bc0bfbf25977653170c8a096945506c42321f2229b6
              • Instruction Fuzzy Hash: 8051ACB15247438FD724EF69C4406A7BBE4AF84708F50483EEAEA87241E770E545CB9A
              Function 012AA2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
              Download Yara Rule
              Strings
              • RtlpResUltimateFallbackInfo Exit, xrefs: 012AA309
              • RtlpResUltimateFallbackInfo Enter, xrefs: 012AA2FB
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
              • API String ID: 0-2876891731
              • Opcode ID: 324548ccf7112adbbdd152ad05a6e02ef11482b3b254938373c0bff9c7323f46
              • Instruction ID: 8f799578399cab6d51ca40d875d671a9882acdb4280f2c2133739a4682e2453a
              • Opcode Fuzzy Hash: 324548ccf7112adbbdd152ad05a6e02ef11482b3b254938373c0bff9c7323f46
              • Instruction Fuzzy Hash: 3A41CF30A24A5ADBEB16CF6DC894B6EBBF4FF84704F1440A5EA01DB291E3B5D900CB50
              Function 012DA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID: Cleanup Group$Threadpool!
              • API String ID: 2994545307-4008356553
              • Opcode ID: 99697027cb34ea42b1400a55b5f998e04e021b058fb2b1547ba642b9dea62084
              • Instruction ID: 4be5f52c8ed8b48ea8a3c65a9cd1059cd7127c788bf867d176f15edd4786ac9a
              • Opcode Fuzzy Hash: 99697027cb34ea42b1400a55b5f998e04e021b058fb2b1547ba642b9dea62084
              • Instruction Fuzzy Hash: 1701F4B2264744EFE311DF14CD46F26B7E8E794725F048939B648C7190E3B4D804CB86
              Function 012AC7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: MUI
              • API String ID: 0-1339004836
              • Opcode ID: 555e0cdb3d08d517b7cc5338efcb14f2f83b0d5085fc5d475202b94aaa5b752e
              • Instruction ID: 863bc4a5cb50049f4f3df88b68916e070544acaacaf600e718686018a3a20163
              • Opcode Fuzzy Hash: 555e0cdb3d08d517b7cc5338efcb14f2f83b0d5085fc5d475202b94aaa5b752e
              • Instruction Fuzzy Hash: 3A827C75E202198FEB25CFA8C880BEDBBB5FF48310F54816AEA19AB751D7709941CF50
              Function 01326420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: 3a5be0288bf0cf5e1b3ce9999143181a5b5bea9d4a168913eabd574b2956f4dd
              • Instruction ID: 9003dd1b5348f50a352353df46deca179f8dbc438a4c5f59e65b3f549fbb7061
              • Opcode Fuzzy Hash: 3a5be0288bf0cf5e1b3ce9999143181a5b5bea9d4a168913eabd574b2956f4dd
              • Instruction Fuzzy Hash: 409174B1910229AFEB21EF95CC85FAE7BB8EF14B54F104155FB01AB190D774AD04CB90
              Function 0134E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: c7a778044852059cc8f3a7d58b5db7f98509bcaa9493062bdc2190114dcf1882
              • Instruction ID: f84dcccdb406f2964547e9e34aabe2644b868e1bdcd3556b435409a63b6bad8f
              • Opcode Fuzzy Hash: c7a778044852059cc8f3a7d58b5db7f98509bcaa9493062bdc2190114dcf1882
              • Instruction Fuzzy Hash: ED918F72910649BFDB26ABA5DC84FEFBBB9FF55748F100029F501A7250E778A901CB90
              Function 012DA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: GlobalTags
              • API String ID: 0-1106856819
              • Opcode ID: 0c8beab8328416843eb8e13beaba365417e05789ddb8b013ea4ae573c872da08
              • Instruction ID: 78f06120e95582ac7359ca8ded13c2d1962694f48cc577c5c893ee15b3d9d061
              • Opcode Fuzzy Hash: 0c8beab8328416843eb8e13beaba365417e05789ddb8b013ea4ae573c872da08
              • Instruction Fuzzy Hash: FC7180B5E0021ACFDF28CF9CD591AADBBB1BF88714F14812EE905A7245E7B19941CB50
              Function 01344978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: .mui
              • API String ID: 0-1199573805
              • Opcode ID: e7d3660928202ef1737245f16da4205463189b8dfc393eb7c5a00ed63c289419
              • Instruction ID: 5d7f1123de0ae5fbbd480db695ef7ffb340c9def6016aed7fa7c4644316192b0
              • Opcode Fuzzy Hash: e7d3660928202ef1737245f16da4205463189b8dfc393eb7c5a00ed63c289419
              • Instruction Fuzzy Hash: 3F519372D1022A9BDF10DF99D940BAEBBF8AF04758F054139EA11BB240D738AC01CBE4
              Function 012BE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: EXT-
              • API String ID: 0-1948896318
              • Opcode ID: 0bec5c9219768c0c16e4fe987f07d647e7878bc4508f61df3549df0257b1df17
              • Instruction ID: ae67c54eb3e089ed7d83a6b9a5446da9d2049d32c6aa0426a9d4fd18fb2b0406
              • Opcode Fuzzy Hash: 0bec5c9219768c0c16e4fe987f07d647e7878bc4508f61df3549df0257b1df17
              • Instruction Fuzzy Hash: D441B372528302ABD715DA75C880BEBB7E8AF98784F450A2DF684D7140E674D904C793
              Function 0131C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: BinaryHash
              • API String ID: 0-2202222882
              • Opcode ID: 4dd24f75e157d9e3839e10701d3a090cd757ce8a21e8075f15477d77129c06c1
              • Instruction ID: cc51d99bddd9ca2574745f50b11037f2787156c1db97c8acc4981c880b6617ff
              • Opcode Fuzzy Hash: 4dd24f75e157d9e3839e10701d3a090cd757ce8a21e8075f15477d77129c06c1
              • Instruction Fuzzy Hash: 344154B1D5012DABDF21DA54CC84FEEBB7CAB44718F4045A5EA08A7144DB709E89CF94
              Function 01336B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: #
              • API String ID: 0-1885708031
              • Opcode ID: 119b87fabfedb641c6ebb54b7089b0e55829c207cd16651f4f06057ca0626143
              • Instruction ID: 299319f2de6dd81b9c74503574f56a273c85efd0fbea8d38f41b3eae0704f2c8
              • Opcode Fuzzy Hash: 119b87fabfedb641c6ebb54b7089b0e55829c207cd16651f4f06057ca0626143
              • Instruction Fuzzy Hash: 58314C71A00749AFDF22DB69C855BEE7BB8DF84708F504028EA419B282C775DE05CB58
              Function 0131CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: BinaryName
              • API String ID: 0-215506332
              • Opcode ID: 166527cdca6568100f6c1ab0e9435f2ffb0d73c5b3d1a2e9b29ae3ae10ef3337
              • Instruction ID: 20ef9a04011c06ef982dfa85e52f768cdc39b9382176b7bdd9ba10948b31f551
              • Opcode Fuzzy Hash: 166527cdca6568100f6c1ab0e9435f2ffb0d73c5b3d1a2e9b29ae3ae10ef3337
              • Instruction Fuzzy Hash: 73310536940519AFEB1ADA58C845EBFBB78FB80754F018129E901E7250D730AE00D7E0
              Function 013206F1 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: p-
              • API String ID: 0-429624042
              • Opcode ID: 6792ca315700078e04c5a88999ba5abd8bdd3ca22cab6b069f169c6c65972efd
              • Instruction ID: d2064143d9b630e9f05b23467eab3b8407a7c9328fe26d008dcc4261dc10cc6d
              • Opcode Fuzzy Hash: 6792ca315700078e04c5a88999ba5abd8bdd3ca22cab6b069f169c6c65972efd
              • Instruction Fuzzy Hash: 0C218D71910229ABCF25EF59C881ABEB7F8FF48744F540069F941AB250D738AD52CBA0
              Function 01320946 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: p-
              • API String ID: 0-429624042
              • Opcode ID: 7e10b9fc46bb7cfbff23bfbe65719a1a2a4eb4fb4c622d19566079ddcefe934d
              • Instruction ID: 1839694f06507a456fbb269e67d9fbc417cead2e09c3737ebe8398e46c39be59
              • Opcode Fuzzy Hash: 7e10b9fc46bb7cfbff23bfbe65719a1a2a4eb4fb4c622d19566079ddcefe934d
              • Instruction Fuzzy Hash: E42148B1E10218ABCB24DFAAD880AAEFBF8FF98704F10012FE405A7254D7709945CF60
              Function 012CEA2E Relevance: 1.3, Strings: 1, Instructions: 56COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: 3
              • API String ID: 0-4259502353
              • Opcode ID: 7f2cd45cf8da1aeee0b6681cbdb8518d7d12465d07d600ba5afb6be3890d9078
              • Instruction ID: 5276aa92b980815549c9f22c07e625a8f12b59701821b412f66fff67ed5e4563
              • Opcode Fuzzy Hash: 7f2cd45cf8da1aeee0b6681cbdb8518d7d12465d07d600ba5afb6be3890d9078
              • Instruction Fuzzy Hash: BE01DE7151010A9FDB26DB28D444F26BBFDFF85718F22826EE2048B260D770AC86CB90
              Function 0132892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
              Download Yara Rule
              Strings
              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0132895E
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
              • API String ID: 0-702105204
              • Opcode ID: b070fb8cd30150f955688b7d48990200096ab59755f41991a9bdc4d2ebd0b209
              • Instruction ID: fb1a96db81324ee40d244c557c1fd7fce682cde41dff86aa12b97e4877a173d1
              • Opcode Fuzzy Hash: b070fb8cd30150f955688b7d48990200096ab59755f41991a9bdc4d2ebd0b209
              • Instruction Fuzzy Hash: DF01A2323102359FEB257F5A9884BAA7BA9EF8575CF0404ADF68116951CB21B881C792
              Function 01342000 Relevance: .8, Instructions: 757COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ebabc86d307afabdc4dcfa8e0f1ee906453784c1931b6242c19dbd422864cbdd
              • Instruction ID: 57e06e7d60508285ccd518edc1d8ce2330483469f76e8a5ff486de2618a15024
              • Opcode Fuzzy Hash: ebabc86d307afabdc4dcfa8e0f1ee906453784c1931b6242c19dbd422864cbdd
              • Instruction Fuzzy Hash: 5942D4356183418FE725CF68D890A6FBBE5FF88308F08092DFA82A7250D771E845CB52
              Function 01338158 Relevance: .6, Instructions: 617COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f7647eff39fcc584bbf2ca6a3fbe8c924bb3c9fcc2d990236875d868a4b6799
              • Instruction ID: 1297017404391ee88b86725aea8f0d9506d96da3149ea723bf2903bf1e23ab10
              • Opcode Fuzzy Hash: 2f7647eff39fcc584bbf2ca6a3fbe8c924bb3c9fcc2d990236875d868a4b6799
              • Instruction Fuzzy Hash: A5427C75E102198FEB25CF69C881BADBBF5BF88314F1482D9E948EB242D7349981CF54
              Function 012B2840 Relevance: .6, Instructions: 605COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 41fd215446eced2548f2ab31a9307331f45e4c0d637a2b3de34d31cff818d4cf
              • Instruction ID: ed22d5960ebae5d10775a96999894c8c5b337f666195b7580ce7a8062ab4a4f4
              • Opcode Fuzzy Hash: 41fd215446eced2548f2ab31a9307331f45e4c0d637a2b3de34d31cff818d4cf
              • Instruction Fuzzy Hash: 383212B0A00719CFDB26CF69C8617BEBBF6BF84708F24411DD5469B688D735A921CB50
              Function 0134A118 Relevance: .6, Instructions: 591COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b7d5ea316e8fec127300264815ec260de257b1ba39bbe2d90c04746cf6dee24f
              • Instruction ID: a859f40d181ad4130b9abf5b85aabe7e82c528915a61e02211bcf47701731581
              • Opcode Fuzzy Hash: b7d5ea316e8fec127300264815ec260de257b1ba39bbe2d90c04746cf6dee24f
              • Instruction Fuzzy Hash: 6022E2742846658FEB25CF2DC094376BBF1AF44308F088499E9978F686E739F452DB60
              Function 012A6A50 Relevance: .5, Instructions: 548COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c488d1ed214141ebb407204dcb26e71e8dcf766d4e642bb822f0de302a310a81
              • Instruction ID: 5301332f2d2b6228f9649141aff125580efc4acf8a3fbf57d071050a08dbf50b
              • Opcode Fuzzy Hash: c488d1ed214141ebb407204dcb26e71e8dcf766d4e642bb822f0de302a310a81
              • Instruction Fuzzy Hash: 1C32E071A10205CFDB26CF68C490BAEBBF5FF48304F588569EA56AB391D774E841CB90
              Function 012C4A35 Relevance: .4, Instructions: 423COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
              • Instruction ID: c2d1dd2d01608a6b361c801ed36a44e5b4cdc4637b4f04c5035b0b0ac9ffce67
              • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
              • Instruction Fuzzy Hash: 91F1A270E1024A9BDB15DF98C4A0BAFBBF5BF44B14F04822DEA05AB354E774E941CB50
              Function 0133892B Relevance: .4, Instructions: 386COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d83c25876a2545c23fbab93e97e85d44fe3aa59bb97606f633b0edd55e3ccbf6
              • Instruction ID: 84a3227c8521149aec8da1e15cd5a50d3f1cd30ca944757e7fb7a61c961e0844
              • Opcode Fuzzy Hash: d83c25876a2545c23fbab93e97e85d44fe3aa59bb97606f633b0edd55e3ccbf6
              • Instruction Fuzzy Hash: 42D1E571E0060A8BDF19CF69C841AFEB7F5AFC8308F1882A9E955E7241D735E906CB54
              Function 012A65D0 Relevance: .4, Instructions: 383COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1c77143bd6b0f82fa211483e19e1dca37bda120e4983ff5e502684591310744e
              • Instruction ID: bceb7afba0c06ed0744c021eabe2fd6ab114ccdec0db98dcf796504dc46e97de
              • Opcode Fuzzy Hash: 1c77143bd6b0f82fa211483e19e1dca37bda120e4983ff5e502684591310744e
              • Instruction Fuzzy Hash: 09E1A071618342CFC719CF28C490A6ABBF1FF89314F49896DE99587351EB31E909CB92
              Function 01298397 Relevance: .4, Instructions: 380COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 19aada6fab5ebf82a6cc29f27773983ca6441e7f1ba0536ceaacf56f72045736
              • Instruction ID: 6ef4da9e30970a976cb209fdad4e6bda949576a94c32117081460788eca9c8f0
              • Opcode Fuzzy Hash: 19aada6fab5ebf82a6cc29f27773983ca6441e7f1ba0536ceaacf56f72045736
              • Instruction Fuzzy Hash: 61D1D171A2020A9FDF18DF6CC881ABEB7A5FF55704F08422DEA16DB280E734D955CB60
              Function 01328243 Relevance: .3, Instructions: 322COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
              • Instruction ID: 10e0dca906b6ac123df0e637929c79086fae1153c4449d15b85bd00ce7e99d90
              • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
              • Instruction Fuzzy Hash: 1DB14274A007159FDB24EF99C940AABBBF9FF85308F14449DEA4297790DB34E905CB10
              Function 012B0535 Relevance: .3, Instructions: 300COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
              • Instruction ID: c49523593831bff375aaadf0eadef46d10e64f9e10ada707aae4ea0447fbd1e1
              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
              • Instruction Fuzzy Hash: 25B11531620646AFDB27CB68C890BBFBBF6BF84344F140159E65297281DB70EE41CB94
              Function 012A83C0 Relevance: .3, Instructions: 281COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af4fca12e1e4b7bc863c3683bc3e5cb33e83ad66f9984a0e970ad1fe2d787ad0
              • Instruction ID: db9e0aeda2609311cc3bd86668f5f88f5d92955e21e826f8c64f399d8c36d8ff
              • Opcode Fuzzy Hash: af4fca12e1e4b7bc863c3683bc3e5cb33e83ad66f9984a0e970ad1fe2d787ad0
              • Instruction Fuzzy Hash: 07C147741183818FE764DF19C494BABB7E5FF88308F44496DEA8987291D774E908CF92
              Function 0129C427 Relevance: .3, Instructions: 280COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 29c8d019f3018da51627ac1696b6a6f9316f6327480401ec5a932857c012c315
              • Instruction ID: e3922fbfb3df9a6ea3dee2f11a8fdd7af75663d88349366f1b54f81810947203
              • Opcode Fuzzy Hash: 29c8d019f3018da51627ac1696b6a6f9316f6327480401ec5a932857c012c315
              • Instruction Fuzzy Hash: 3FB16170A202668BDB74DF58D890BB9B7B5EF44700F0485E9D60AE7281EB70DD85CB20
              Function 012CE5E7 Relevance: .3, Instructions: 278COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7edba76320f7020c90652d4404b22f72c9adf20562acee10987e584dd11c7e17
              • Instruction ID: 078dd5ad5f9b67ee8ef07b389e3c5196b01c6f87d291b2e34b3f5568545ea502
              • Opcode Fuzzy Hash: 7edba76320f7020c90652d4404b22f72c9adf20562acee10987e584dd11c7e17
              • Instruction Fuzzy Hash: 92A12531E206159FEB36DB5CC855BAEBFE8BB01B18F160219EB01AB2C1D7749D40CB91
              Function 012E0185 Relevance: .3, Instructions: 276COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6f8944689332c294304abfff2a8739e33e83073b601cbd3744e9082c6c2706bd
              • Instruction ID: 8b30b52b9f2b9d789f5037fbcc079555a6d7218c865bc2fa912a731959c70d90
              • Opcode Fuzzy Hash: 6f8944689332c294304abfff2a8739e33e83073b601cbd3744e9082c6c2706bd
              • Instruction Fuzzy Hash: 65A11571B20616DFDB24CF69C9A4BBAB7F5FF54318F404029EA05A7281DBB4E812CB54
              Function 01374500 Relevance: .3, Instructions: 275COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ab750fb843308f0ee118cabac714b2ff0c0ae81766be121de6392af92f843e9c
              • Instruction ID: 578bbc7bc1d33b472f4e2cce9085e1f39642234bea327817e1b0b1144c62f60d
              • Opcode Fuzzy Hash: ab750fb843308f0ee118cabac714b2ff0c0ae81766be121de6392af92f843e9c
              • Instruction Fuzzy Hash: A0A1EDB2A14252EFC722DF28C980B6ABBE9FF48758F450528F5959B651D339FC00CB91
              Function 013260E0 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e299d7a5b01fe199c6f85d8c6767afb51200444fc8abdfb699dce3e08986e276
              • Instruction ID: ccdc0167445cb726bdd164d28b0d9cffecfddc5dfacb28c7a651f20c563f8267
              • Opcode Fuzzy Hash: e299d7a5b01fe199c6f85d8c6767afb51200444fc8abdfb699dce3e08986e276
              • Instruction Fuzzy Hash: 1D91B4B1D0022AAFDB15DF68D885BBEBBB9AF48714F154159EA10AB350D734E9008BA0
              Function 012BE3F0 Relevance: .3, Instructions: 261COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5e4b8153ffda9b487a4df9e281b890f5aa8c0d61cff4eec69e659d409a47df64
              • Instruction ID: 419244d09fb893b829e62d1c89da8ddd140373acb52c798d959828c466b95840
              • Opcode Fuzzy Hash: 5e4b8153ffda9b487a4df9e281b890f5aa8c0d61cff4eec69e659d409a47df64
              • Instruction Fuzzy Hash: 61916871A20212CBEB25DB1CD8C1BFE7BF1EF94798F064065EA059B381E638D941C751
              Function 012F6ACC Relevance: .2, Instructions: 226COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 91ad97794c0d421d5af5409a9f74571b841d55e2ecfa133b6441bc1ec1547ced
              • Instruction ID: 1185d4a3d185f5758b92c922deb99b50aac14a4f36a1ca25fcbba6da8bdf1222
              • Opcode Fuzzy Hash: 91ad97794c0d421d5af5409a9f74571b841d55e2ecfa133b6441bc1ec1547ced
              • Instruction Fuzzy Hash: D281A371A1061A9BDB18CFA9D844ABEFBF9FB48700F04853EE645E7640E334D940CBA4
              Function 0136AB40 Relevance: .2, Instructions: 222COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
              • Instruction ID: ca6b83a99956398b582bbfc5750678eba272a6c9eb87d4852b837c9860fe4293
              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
              • Instruction Fuzzy Hash: AA817171A102099FDF19CF98C890AAEBBFAFF94314F18C569D916AB348D774E901CB50
              Function 01296D10 Relevance: .2, Instructions: 216COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 26f224f31583e8b4d4e8aca31077685ec7a653a92f49cc3680bc284e9cc0d8d9
              • Instruction ID: 29ff524a35329097486d35f76be412f6297a4d627cf5de8438cd37be5900c7d9
              • Opcode Fuzzy Hash: 26f224f31583e8b4d4e8aca31077685ec7a653a92f49cc3680bc284e9cc0d8d9
              • Instruction Fuzzy Hash: 06718D71A242039BDF21DE19C981B6AF7E8AB48258F14493EFB55D7340E730E8C48B92
              Function 012DE284 Relevance: .2, Instructions: 212COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8bb15e41af9f035862766101a1f96671bbfdced69f39e0af7b220ca08dd32fde
              • Instruction ID: 5ee7516bfd4cdef2b72a1d302d5b82f0e395a948856f36598e98a9a016f3295b
              • Opcode Fuzzy Hash: 8bb15e41af9f035862766101a1f96671bbfdced69f39e0af7b220ca08dd32fde
              • Instruction Fuzzy Hash: F0815F71A10609EFDB25CFA9C880BEEBBF9FF48354F114429E656A7250DB70AC45CB60
              Function 012BC640 Relevance: .2, Instructions: 206COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1aa54362b0e084398961d58119626a8060a4f0e593488e05748a23892ab16ae4
              • Instruction ID: bb415d979aea5fcd167e6d1ffd34fbb779a4ce73f1d9b03f50dd8e454aed8aed
              • Opcode Fuzzy Hash: 1aa54362b0e084398961d58119626a8060a4f0e593488e05748a23892ab16ae4
              • Instruction Fuzzy Hash: 6471D0B5C25625DBCB2A8F58C4A07FEBBF9FF58754F14425AE941AB390D3709810CB90
              Function 013547A0 Relevance: .2, Instructions: 202COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e23135e8bd3bc15107e01b840e6379504d5a452d859e2c14068db3b9e7c331b9
              • Instruction ID: 55f794d8796b9bfdda9936ac313ed51ef3c252388e8f7535097417c8544123af
              • Opcode Fuzzy Hash: e23135e8bd3bc15107e01b840e6379504d5a452d859e2c14068db3b9e7c331b9
              • Instruction Fuzzy Hash: AD71B9B0902205EFEFA8CF59D946E9ABBFCFF80704F10415AEA1497258E7729984CF54
              Function 012B260B Relevance: .2, Instructions: 201COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1614dd17b04cbf110a0c982d11e40a443ccc715c9c81cc5e8c38dc2b51a48904
              • Instruction ID: 9ad501e14b8e3ae763b3c67ca26e0b4b4221a74aed9cdfb144bc777119503a6d
              • Opcode Fuzzy Hash: 1614dd17b04cbf110a0c982d11e40a443ccc715c9c81cc5e8c38dc2b51a48904
              • Instruction Fuzzy Hash: B471EF71624242CFD316DF2CC480BAAB7E5FF84354F0485A9E9988B356EB34E846CB91
              Function 0132035C Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
              • Instruction ID: 81b55898be2610977f4eaf7218758e2fb9c59f694c91a09b79a0b3e5a06da96b
              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
              • Instruction Fuzzy Hash: 53718F71A1061AEFDB14EFA9C984EEEBBB9FF48304F104569E505E7250DB34EA05CB90
              Function 013362A0 Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d0e974e459c7fe5ab68152d738e02c43cc32b12f4a06272b5d31db1bf681ff52
              • Instruction ID: a2fb182398d7bc62d22ce9ec75c1be192c102442d978cf57c97ac8369f17fb1d
              • Opcode Fuzzy Hash: d0e974e459c7fe5ab68152d738e02c43cc32b12f4a06272b5d31db1bf681ff52
              • Instruction Fuzzy Hash: 0E7103B2600701FFEB22CF18C846F66BBE6EF80768F154418E216976A1D771EA44CB54
              Function 012A8AA0 Relevance: .2, Instructions: 197COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2669609ed0f3a4732a71a75551a46745d0326916cc48da5245864a1ed7c1ef35
              • Instruction ID: 9499ea84c65fe130cd843631a38f58e18d2d2111d9da460239ccc821b9b9c4aa
              • Opcode Fuzzy Hash: 2669609ed0f3a4732a71a75551a46745d0326916cc48da5245864a1ed7c1ef35
              • Instruction Fuzzy Hash: A2810F72A14306CFDB26CF98C598BAEB7F9BF48318F55412DDA01AB281E3759D01CB90
              Function 0135A250 Relevance: .2, Instructions: 184COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1e359847279f89018bb96eb8c17f6f8c277c6d766198b48fac22c91c77ccdbd3
              • Instruction ID: 22bbe1455441c94569d256bf7b20800db1a79daa4054e82cf1316ab5ef1ee71f
              • Opcode Fuzzy Hash: 1e359847279f89018bb96eb8c17f6f8c277c6d766198b48fac22c91c77ccdbd3
              • Instruction Fuzzy Hash: C451C5B2504752AFD751DEA8C844E6BBBE8EFC5B58F010A29BE40EB250D770DD05C792
              Function 01348350 Relevance: .2, Instructions: 161COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eb12d7618a3372055e7132b3cf4673c7a2b3419d6930aab804e78124a056a262
              • Instruction ID: a6beb3efee1fdf400d273a265710b3424a3ce1b356e3603008fffa1e99164e79
              • Opcode Fuzzy Hash: eb12d7618a3372055e7132b3cf4673c7a2b3419d6930aab804e78124a056a262
              • Instruction Fuzzy Hash: 7C51C070900709DFD721DF9AC884AABFBF8BF54718F10465ED296A76A0C7B0B545CB90
              Function 012DE443 Relevance: .2, Instructions: 158COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de7eb2aa2fa996ca6b1816760f2ea49cbc84e16293ca45337a1b322a953bcfb8
              • Instruction ID: ebaa47c465c68698951cc53204346e1cb147d179777f996cbfd03474d5ede91a
              • Opcode Fuzzy Hash: de7eb2aa2fa996ca6b1816760f2ea49cbc84e16293ca45337a1b322a953bcfb8
              • Instruction Fuzzy Hash: 45514A71220A05DFCB22EFA9C9D0FAAB3F9FF14784F410429E6569B260D734E941CB50
              Function 01344180 Relevance: .2, Instructions: 156COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b2e0f3fcd1f2f3966831417013c26cec9913f3081575089d9c99b332b98fd3f
              • Instruction ID: 9d107c6a7e9f155c03d3800a7e0781b4d36df49f84a4b53381f93b3b898e047f
              • Opcode Fuzzy Hash: 0b2e0f3fcd1f2f3966831417013c26cec9913f3081575089d9c99b332b98fd3f
              • Instruction Fuzzy Hash: DF5187716083428FD750DF29D880A6BBBE5BFC8A08F444A3DF589C7250EB30E915CB92
              Function 012C45B1 Relevance: .2, Instructions: 156COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction ID: 2cdcd0fa8b5190362ab9eca24f30df5d9d4b406951ab26ffc585ac89f1bdd321
              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction Fuzzy Hash: EC519F75E1024AABDF16EF94C860BFFBBB5AF44B54F044269EA01AB240D774D944CBA0
              Function 0132E9E0 Relevance: .2, Instructions: 154COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
              • Instruction ID: c4f765e25a90e2a8939d8250025d36391843e0fcc7665279afd803b4b8dce483
              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
              • Instruction Fuzzy Hash: F051BA71D0422AEFEF11AF98C896BAEBBB9AF00318F154675D61267190D7709D40CBA0
              Function 01368B28 Relevance: .2, Instructions: 152COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0a4d1d5cebed1faea439611804384b05d7d477575b972c17f36bd6397765fcc1
              • Instruction ID: 958baf0fcca350d31e9d8f765a2372cde0167ee0bac8b22ce20ea97ba90044a0
              • Opcode Fuzzy Hash: 0a4d1d5cebed1faea439611804384b05d7d477575b972c17f36bd6397765fcc1
              • Instruction Fuzzy Hash: F441D4B07017019BDB29DB2DC894B7BFB9EEF98228F04C659E9559728CDB70D801C691
              Function 0132CBF0 Relevance: .1, Instructions: 148COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 43bcb6850825f8a6bd1ecb7cb1ca7551572debf45223a1b7cb59b09921244f96
              • Instruction ID: a23b6f976b413f40778ca41b1562463004cf6d7984243671dde4b9f34cf169e9
              • Opcode Fuzzy Hash: 43bcb6850825f8a6bd1ecb7cb1ca7551572debf45223a1b7cb59b09921244f96
              • Instruction Fuzzy Hash: 76518CB290022ADFCB20EFA9C9C09AEBBB9FF48358B515529D505A7700D731AD01CBD0
              Function 012DA430 Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2cbf9a3be8dd64cf91a788b88002d9c46634af51a8e8a6cf455a30b597ef831e
              • Instruction ID: b826430f3de4fb503b5adf406514840fc03bd78bc0a3fabcd3abf135b418dd35
              • Opcode Fuzzy Hash: 2cbf9a3be8dd64cf91a788b88002d9c46634af51a8e8a6cf455a30b597ef831e
              • Instruction Fuzzy Hash: 5A412B72660206DBDF29EFA8E883F7A7769EB5871CF41046CEE429B245D7B2D810C750
              Function 0136A9D3 Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
              • Instruction ID: fa460c58a5150c77ce946287a89193826a4ada1e3d0e6c5b95bbd5cea02674ba
              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
              • Instruction Fuzzy Hash: D441E5716107169FEB25CF28C984A6EB7ADFF80318B05C62EE95297648EB30ED14C7D0
              Function 012D01F8 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d13185bd8c80a0f387e9285c5138b4752c396becbf11ca09441e1855d42333a3
              • Instruction ID: a8bdf8f0763995cab4c24797d653e0df2f2d9d2a4f0ce74d825094e28dc75df0
              • Opcode Fuzzy Hash: d13185bd8c80a0f387e9285c5138b4752c396becbf11ca09441e1855d42333a3
              • Instruction Fuzzy Hash: 5A41BA36E2121ADBDB14DF98C440AEEBBB4BF48714F14816AF915E7360DB749C41CBA8
              Function 012CEBFC Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9b5d16c0a1e9b038c49c37d5a5d2584e77c3b929ff42639359c33d1c32600e1b
              • Instruction ID: cf78d1545c48937eeafa1a584356df780a21c2a3317fc97d855a2bd4b1a2c4ac
              • Opcode Fuzzy Hash: 9b5d16c0a1e9b038c49c37d5a5d2584e77c3b929ff42639359c33d1c32600e1b
              • Instruction Fuzzy Hash: AA41D2B12203029FD725DF28C884A6BBBF9FF88728F01492DE657C3651DB75E9448B50
              Function 012E2750 Relevance: .1, Instructions: 137COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
              • Instruction ID: 87e817460f9b9d38c600d29f1c779d7091c2c5e2ba397fc04abd61e026a550d5
              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
              • Instruction Fuzzy Hash: 1E519B75A01259CFCB19CF9CC480AAEF7B2FF84714F2485A9D815A7355D730AE42CB90
              Function 012A6154 Relevance: .1, Instructions: 133COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c77653cfdab6bb67168b4ef4957b498c61232beee3cabd700817afde147b681e
              • Instruction ID: 8cdb89f2a7f209e56ffd543dc88860a9e85b4ba8d1f150f54461ff0ca5cc7d89
              • Opcode Fuzzy Hash: c77653cfdab6bb67168b4ef4957b498c61232beee3cabd700817afde147b681e
              • Instruction Fuzzy Hash: B0512AB0910217DBDB2ACB28CC55BF8BBB5FF11318F4842A9D5259B6D1D7746981CF40
              Function 012A0BCD Relevance: .1, Instructions: 130COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c7f00d2affed4177d05ae5c0bfb9a3e33c3fd6db302cf814f91fb179d4a447d
              • Instruction ID: e234db8cae18ad87ac0578fd9d7dc4156e858c5ce6f266625aa3f1b8ebaee677
              • Opcode Fuzzy Hash: 6c7f00d2affed4177d05ae5c0bfb9a3e33c3fd6db302cf814f91fb179d4a447d
              • Instruction Fuzzy Hash: 73418571A203299BDB21DF68C940BEEB7B9EF45740F4200A9EA09AB251D7749E80CF55
              Function 0136866E Relevance: .1, Instructions: 129COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
              • Instruction ID: 81634d7a8186f8203479143dc18f25d58d3b396749ce50258e4aa4b7071c9514
              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
              • Instruction Fuzzy Hash: 6F41B575B10305ABEB15DF9DCC84AAFBBBEAF8C658F1480A9EA00A7345D674DD008760
              Function 012A0887 Relevance: .1, Instructions: 128COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f643f1e837fb39ff1d9549d382f26e74f9e3fb916f42eaed83665a7a5e866edb
              • Instruction ID: 2a5841b02f2a6ca6d4c5a64ee95e4c3cfbc947b260076b5a1e1d15be828c2093
              • Opcode Fuzzy Hash: f643f1e837fb39ff1d9549d382f26e74f9e3fb916f42eaed83665a7a5e866edb
              • Instruction Fuzzy Hash: 3D41C1B16207039FE325CF28C480A26BBF9FF48714B504A6DE65787A50E770F845CB98
              Function 012CA470 Relevance: .1, Instructions: 127COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1fc5e813fcf795b185e48861a707fc3cbe2fb6f4fb57ebb8571e4eb41d3a2be6
              • Instruction ID: 35edb5ad94bbfd021256becd962b7eb2e44ceaf7702ea1f777a453a69f26782b
              • Opcode Fuzzy Hash: 1fc5e813fcf795b185e48861a707fc3cbe2fb6f4fb57ebb8571e4eb41d3a2be6
              • Instruction Fuzzy Hash: 3A411432A6420ACFDB25CF68E5987FD7BB4FB14794F044269D612A7280EB759901CBA0
              Function 012A8BF0 Relevance: .1, Instructions: 124COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e560dd4dfc81663fe833d3faeed13ecce378ff95cca14877adbcf460306b42cf
              • Instruction ID: 41f3abd365d76960df38389aa410d96b6e2cfe84d55d86d8b28fdd029475b4e2
              • Opcode Fuzzy Hash: e560dd4dfc81663fe833d3faeed13ecce378ff95cca14877adbcf460306b42cf
              • Instruction Fuzzy Hash: 8E411332A20203CFD729DF58C984A6ABBFAFB94704F55802ED9029B255D776D842CF90
              Function 01298918 Relevance: .1, Instructions: 123COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 14c6bb98505cb15513a8dc53819fe9e1aae8d9436273922a1edf8c9d96b23813
              • Instruction ID: 0fa8e0421a62a3322c325240455126735af58993d7beea8cb7af75e656dd0a19
              • Opcode Fuzzy Hash: 14c6bb98505cb15513a8dc53819fe9e1aae8d9436273922a1edf8c9d96b23813
              • Instruction Fuzzy Hash: 124180325283069EE712DF69C841A6BF7E9EF85B54F44092EFA84D7250E770DE048B93
              Function 0129A020 Relevance: .1, Instructions: 122COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction ID: a8c9f661d3eb0a867669835cb329c37ebd2da5d9b25ef8665a4579468dbecde7
              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction Fuzzy Hash: 92411331A20313DBDF25DE2CC4917BAFB71AB94754F15817EBB459B240D6728D808B90
              Function 012A09AD Relevance: .1, Instructions: 122COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fe0678bf33f7a0b0ce44c45227774a5c811dceb534d6622eef51c55bf9ca7e29
              • Instruction ID: eb840854badf84e353ad6da3665e8710ec5e092cd2825694ec5d273757c3a74b
              • Opcode Fuzzy Hash: fe0678bf33f7a0b0ce44c45227774a5c811dceb534d6622eef51c55bf9ca7e29
              • Instruction Fuzzy Hash: 11416971620702EFD721CF18C880B66BBF4FF54714F618A2AE6498B252E771E9428B94
              Function 012D0710 Relevance: .1, Instructions: 121COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
              • Instruction ID: fa6858c5776193b4fc2588181a7d2dacd5be0e2ecb0764bb4faf99eaacd96964
              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
              • Instruction Fuzzy Hash: 6C412871A10605EFDB24CF99C981AAABBF9EF18700F10496DE656DB260D370EA44CF54
              Function 012A262C Relevance: .1, Instructions: 119COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d51bbc3ae92a0baa0166474a77210a382777704a8c78d3bccb5dee927803694e
              • Instruction ID: ccfc81e0d78dfe3ffb1ae3eaa0a123cfd4057a55a74a7601cd746c7094fca7bf
              • Opcode Fuzzy Hash: d51bbc3ae92a0baa0166474a77210a382777704a8c78d3bccb5dee927803694e
              • Instruction Fuzzy Hash: FC4104B1922702CFCB26EF28C941B69BBF5FF44714F5082ADC6169B6A1DB309A41CF41
              Function 012DC8F9 Relevance: .1, Instructions: 116COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b9df843c7b68e1a3731d1482bbefe7e65fd6f2c0db76161e2a72899e990629d8
              • Instruction ID: 0d85424935162dff1d64386afc6d2defc5d036cec1a991b57aacab3d9a198823
              • Opcode Fuzzy Hash: b9df843c7b68e1a3731d1482bbefe7e65fd6f2c0db76161e2a72899e990629d8
              • Instruction Fuzzy Hash: 833159B1A11346DFDB12CF58C4407A9BBF0EB09728F2085AED119EB251D7769942CB94
              Function 013207C3 Relevance: .1, Instructions: 114COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7579b34cbe17c49f91c44ebd4418f43ff71a8ac39bc2041e1162d4c9a9e5409a
              • Instruction ID: a34ab1073f9ed76b96152da43b78e2f1ba2388ba2627935c0ed380ae654618a6
              • Opcode Fuzzy Hash: 7579b34cbe17c49f91c44ebd4418f43ff71a8ac39bc2041e1162d4c9a9e5409a
              • Instruction Fuzzy Hash: 60417BB15143519FD760EF29C845BABBBE8FF88714F004A2EF598C7290D7709904CB92
              Function 013205A7 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 693323b50b85a1045b4380e96aba0e9d9179e42d903207188aed6ac239b2518e
              • Instruction ID: d90a2a1b51551bc66e6808efa0e2f57c3c3f55e47fec7ba8375a378863ca5cc6
              • Opcode Fuzzy Hash: 693323b50b85a1045b4380e96aba0e9d9179e42d903207188aed6ac239b2518e
              • Instruction Fuzzy Hash: 1741D4726046529FD324EF6CD880A7AB7E9FFC8704F14461DF99497680E730E908C7A6
              Function 012A4859 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1df51bdc80e7f8bdd3bfc314732d7565e63e649d9d6af6230f6520ed5847c235
              • Instruction ID: 81cccb4f2494ba996ad1104ad107c50519b681bd80ade7fb0b54770abeb39184
              • Opcode Fuzzy Hash: 1df51bdc80e7f8bdd3bfc314732d7565e63e649d9d6af6230f6520ed5847c235
              • Instruction Fuzzy Hash: 3241E3702203438FD725EF2CD884B3ABBE9EF80354F58442DE641872A1D7B0D865CB91
              Function 012B02E1 Relevance: .1, Instructions: 106COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
              • Instruction ID: 926c956d8cde91ae0d0c59d3abe35c7347252363bb12417c871fdc7a25737b0c
              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
              • Instruction Fuzzy Hash: 08312731A25245AFDB12CB68CC84BEBBFF8AF14390F048165F815D7392D6B49984CBA4
              Function 0134E3DB Relevance: .1, Instructions: 105COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e5da887861f360cc582345fc7100e71655b9eb4aa3555686dc2206bb0d9df6a3
              • Instruction ID: 35bffded7f9404dc19af3c8955c5b034476633a0038e20e58ff2e94a12f2f1e1
              • Opcode Fuzzy Hash: e5da887861f360cc582345fc7100e71655b9eb4aa3555686dc2206bb0d9df6a3
              • Instruction Fuzzy Hash: A6317835750716ABD7229F599C81FAB77E9BB58B54F000038F600BB391DA68ED008790
              Function 01354B4B Relevance: .1, Instructions: 104COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 04831b2a690ff5a4db1a45661ae3c41538cc9e4b0b6f0dc607db9fddba9e452a
              • Instruction ID: 803860d56fce51cb75a7aa03bed34e99c813a5ddc8233841cbc499a6035761ef
              • Opcode Fuzzy Hash: 04831b2a690ff5a4db1a45661ae3c41538cc9e4b0b6f0dc607db9fddba9e452a
              • Instruction Fuzzy Hash: 3B31F0722052019FC729DF1DD881E66BBFAFB80764F0A446EED959B651E731E880CF90
              Function 012A4260 Relevance: .1, Instructions: 102COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d39ac30e0f234ee76e6950c45e0a770277314ba772f7d0dc1ec58c36b8201788
              • Instruction ID: afb4ec08d11a43453eb25da8b92fbfeeee79e594a4dcc01c1b66e7a81dcadf49
              • Opcode Fuzzy Hash: d39ac30e0f234ee76e6950c45e0a770277314ba772f7d0dc1ec58c36b8201788
              • Instruction Fuzzy Hash: 7A41AE71210B45DFD726DF28C891FE77BE9BF44358F148429EA998B290C7B4E800CB90
              Function 01354BB0 Relevance: .1, Instructions: 101COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b1044a6bb9792f24bd9139bbd2cc2872b61d4433514f723fcbb938c02e3455eb
              • Instruction ID: 75cfd454c8eca16f4fef4fcee078d45d0763591f8aea3289f487ab2ab41e9d22
              • Opcode Fuzzy Hash: b1044a6bb9792f24bd9139bbd2cc2872b61d4433514f723fcbb938c02e3455eb
              • Instruction Fuzzy Hash: 8431BE71204301AFDB28DF28C881E2AB7E9FBC4B14F05452DFD559B250E730E844CB91
              Function 0131EB1D Relevance: .1, Instructions: 100COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bf41357acb1b9eb02dcd47787794f8c9cb55873ed9df147bd4ea27bc39a5c9b0
              • Instruction ID: d2d6a76a62f4934be4c8e2693384ce970b93395664039d9e9c96964ff0171702
              • Opcode Fuzzy Hash: bf41357acb1b9eb02dcd47787794f8c9cb55873ed9df147bd4ea27bc39a5c9b0
              • Instruction Fuzzy Hash: 673106723056869BF72B9B5CCD88B657BD8BF40B88F1D44B0EF419B6D5DB29D840C220
              Function 013661C3 Relevance: .1, Instructions: 97COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 068bd99592801700b3a9f9b0f94e2dd28ad8e48da8bcc8e7e32bb62a80cde783
              • Instruction ID: 0cf1192357a16408898aaeb913462e0e0816dbc8fc6451fb2d916396c14af833
              • Opcode Fuzzy Hash: 068bd99592801700b3a9f9b0f94e2dd28ad8e48da8bcc8e7e32bb62a80cde783
              • Instruction Fuzzy Hash: 4531C675A00156ABDB15DF98CC85FBEB7B9FB44784F458168E500EB248D770ED00CB94
              Function 0134483A Relevance: .1, Instructions: 96COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6ece0caaf195f22420f8d6e0ddf2d3857773b7002998783b0cda39501058db9b
              • Instruction ID: 039bb11c95fe111e56dd0fa33b8bd0340c6f7221c8059db20cf8abab0fb6a3d3
              • Opcode Fuzzy Hash: 6ece0caaf195f22420f8d6e0ddf2d3857773b7002998783b0cda39501058db9b
              • Instruction Fuzzy Hash: D2316576A4012DABCF61DF58DD84BDEBBF9AB98354F1000A5E508A7250CA30EE91DF90
              Function 012CEB20 Relevance: .1, Instructions: 96COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c3595e132ebc7bbc769a89e334953b08828339a096a2f0d503022dcfeaadd0d6
              • Instruction ID: 220e1a2bc734a91dc79eafe569afcb73fd6114765b8ca2af44f0e98ebafd323e
              • Opcode Fuzzy Hash: c3595e132ebc7bbc769a89e334953b08828339a096a2f0d503022dcfeaadd0d6
              • Instruction Fuzzy Hash: FF31B572E21215AFDB31DFA9C840ABEBBF9FF04750F014569E615D7250E2709E008BA0
              Function 013660B8 Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 973c682fbf7da51979410b1c8560abfbe0dd2ef1d549bef90fb661feb515dacf
              • Instruction ID: 910ca046d8be39793d04152f0e063a83360bbcb487da0c4db75af2e64ce134d4
              • Opcode Fuzzy Hash: 973c682fbf7da51979410b1c8560abfbe0dd2ef1d549bef90fb661feb515dacf
              • Instruction Fuzzy Hash: 4831E8B1600606EFDB129FA9CC91B6ABBBDEF44798F008069E505EB345DA70DD018790
              Function 012A07AF Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52435e12c9d730b52da0a294011a70f2e93a531cb655e01718d02d66e3503152
              • Instruction ID: 59e8c1648d3fa6116e08a15e0b7ad6d90e84cb3fa8f3fe1bba78f27d7a19570e
              • Opcode Fuzzy Hash: 52435e12c9d730b52da0a294011a70f2e93a531cb655e01718d02d66e3503152
              • Instruction Fuzzy Hash: 9431E572A24712DFC712DE688880A7FBBA5AF94750F42452DFE5597310DA30EC1187ED
              Function 012A8550 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c85fd8225ba478cde79195408828fadfa0aaddc89ff012d2599f9877c710302c
              • Instruction ID: 3b941d84cb627fa22b26c98d2b0f65009545bbdcc582cfef0905e698ccd175c9
              • Opcode Fuzzy Hash: c85fd8225ba478cde79195408828fadfa0aaddc89ff012d2599f9877c710302c
              • Instruction Fuzzy Hash: 4D317AB16193028FE721CF19C848B2BFBE5FB98704F45496DEA8897291D770E848CB91
              Function 012DA6C7 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
              • Instruction ID: 3bd1e0a966e070c0ad7a25559a192e3c380c2f421977d6dc21d30df69ab134de
              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
              • Instruction Fuzzy Hash: 2E312CB2B10701AFE769CF6DCD41B5BBBF8AB08650F05492DA69AC3651E670E900CB60
              Function 0134EBD0 Relevance: .1, Instructions: 91COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e34ac5710231bb4fdadb6ae575cf6d0d7a9181e714428d41d43b05fb4136987e
              • Instruction ID: d2bcce304af4ddb900a3ceb27b9bbc55826c98a96c41e4a1ed5ee030ffc9768c
              • Opcode Fuzzy Hash: e34ac5710231bb4fdadb6ae575cf6d0d7a9181e714428d41d43b05fb4136987e
              • Instruction Fuzzy Hash: 293176B1505302CFCB11DF19C58096ABBF5FF89758F0449AEE4889B351D335AD44CB96
              Function 012C438F Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1f661f048bc7c9fad9b8281a2cfb55c39e65f04485c16f887ea5ffaa824ac81b
              • Instruction ID: 7bf04374740099a1ab569b0521635ef43c41cc388c8a9f0c218fbc35847ac869
              • Opcode Fuzzy Hash: 1f661f048bc7c9fad9b8281a2cfb55c39e65f04485c16f887ea5ffaa824ac81b
              • Instruction Fuzzy Hash: 4F31E471B202859FD720EFA8C891A6FBBF9EF90B44F10862DD205D7294D730D941CB50
              Function 0129CB7E Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
              • Instruction ID: 7e88fc831aff90890798acad865e5b578a8891e84f1fe755b689f86a4c2a572d
              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
              • Instruction Fuzzy Hash: 4321E636E6125BAADB11DBB98851BBFFBB5EF54780F0580399F59E7340E270D90087A0
              Function 0129C156 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 324bacb2abda25d8c03c909616fdc2754a22c60fc354268a3f4a06b02ce9c2e9
              • Instruction ID: cc7d67cd3544097ce8c7b923bb42f247cd1447f14ff620634dfc9891196adb92
              • Opcode Fuzzy Hash: 324bacb2abda25d8c03c909616fdc2754a22c60fc354268a3f4a06b02ce9c2e9
              • Instruction Fuzzy Hash: A43129B25102058BDB35AF5CC881BB9B7B4EF50314F54817DEB459F342DA749981CB90
              Function 0135C3CD Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
              • Instruction ID: 057d9c9984d7f3733c50255f0659e8f84d946b79a36791eb14cae303e24832c9
              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
              • Instruction Fuzzy Hash: 04212D7660075666CF16AB998800EBABFB8EF40B1CF40901AFE9597651E634D940C360
              Function 0129E420 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 12bb1e163ad52fe297f9b407d2255b5cae87e4f983422051a872ea0ed385a13c
              • Instruction ID: 03dda7788187bc1cf3e7133f31f00b2e1024dc9af371e4a6700eb37a2d14e961
              • Opcode Fuzzy Hash: 12bb1e163ad52fe297f9b407d2255b5cae87e4f983422051a872ea0ed385a13c
              • Instruction Fuzzy Hash: 4C31D631A2011D9BDF31DB1CDC81FEE77B9EB15740F0200A1E655A7290D6B4AE808FA0
              Function 012D4588 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
              • Instruction ID: 61d3eb8425a60fccc47198940bec9f48e2e19cf402a9a4706c73f3d0d1781d0a
              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
              • Instruction Fuzzy Hash: 57219171A10649EFCB11DF58C980A9EBBB5FF48714F108065FE169F681D670EA058B90
              Function 012D44B0 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ccbb72fe269c773b3186a0d5de8b71366820b57f7948b29e2d8587bb64d99135
              • Instruction ID: 904f6bf607040109e7b45d29f849808ff764b1e5a16312d49a022197b5347eff
              • Opcode Fuzzy Hash: ccbb72fe269c773b3186a0d5de8b71366820b57f7948b29e2d8587bb64d99135
              • Instruction Fuzzy Hash: 4521C3726247869BCB21EF18D880F6B77E4FB98760F404519FE559BA45D730E900CFA2
              Function 0129E388 Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
              • Instruction ID: 60319fdbbae904d3c6143e0c6a24ea1eaab62c7ec90c473952b574d7f5ec14c6
              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
              • Instruction Fuzzy Hash: F8319A31620605EFEB21CFA8C884F6AB7F9FF45354F1549A9E6528B290E770EE01CB50
              Function 0131E609 Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 89c95f2f7c071c6588221a74f884a078642e00add27875d1ac0f39733a7205c7
              • Instruction ID: 0bfe755b867eb43b033b6d8dd7e93583f544a26e4dc57eec96ac64a6b15fe035
              • Opcode Fuzzy Hash: 89c95f2f7c071c6588221a74f884a078642e00add27875d1ac0f39733a7205c7
              • Instruction Fuzzy Hash: D0319F75A10205DFCB19CF1CC8849AEB7B5FF84328B554969EC099B395E732EA50CB90
              Function 0132019F Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d00284c83c34aef34c4d84bc8d23dcea0d9612fc51342db165881a15e2ecb2b8
              • Instruction ID: 62f81c0681f387a835f339a244feb781b1d7e1f06f1e84e871a17ccca2f29487
              • Opcode Fuzzy Hash: d00284c83c34aef34c4d84bc8d23dcea0d9612fc51342db165881a15e2ecb2b8
              • Instruction Fuzzy Hash: CD219C71610655AFD715EFACC884F6AB7B8FF48784F14006AF944DB6A0D634ED40CB64
              Function 01320283 Relevance: .1, Instructions: 74COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7e7b00789fd5f77ddde46070dd385dbba2609c8a71673bce28912875155c4530
              • Instruction ID: bb0a658faed180d279d44a28c8295ad2fbdd8cc1abb0c15350b552096b58edd2
              • Opcode Fuzzy Hash: 7e7b00789fd5f77ddde46070dd385dbba2609c8a71673bce28912875155c4530
              • Instruction Fuzzy Hash: 5B21D3725043569FD716FF99C884BABBBECAF91648F080456FE80C7251D730C908C7A1
              Function 012C2835 Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a2a769577d97f6a0cd25a9d4319a2c21c0540f25ded1902052303b7636149a72
              • Instruction ID: a207b14f526e0d0f6e43f899be064d5c6420e54ac9871f4c72ab0cdc09c90609
              • Opcode Fuzzy Hash: a2a769577d97f6a0cd25a9d4319a2c21c0540f25ded1902052303b7636149a72
              • Instruction Fuzzy Hash: 79210731624782DBF323972CDC64B253BD4AB41F68F280364FB609B6E2DB68C8018220
              Function 012DA30B Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 712e778ce7d26a4bec4811d8e21686b4a96ac3df255f25e644eb1b899cea8cf4
              • Instruction ID: 3936b3536329478ffbcc305e5545c185ab8332ddb3fe5d2e122412a7ef02e183
              • Opcode Fuzzy Hash: 712e778ce7d26a4bec4811d8e21686b4a96ac3df255f25e644eb1b899cea8cf4
              • Instruction Fuzzy Hash: AD21CC75211601DFCB29DF69C841B5677F6BF08748F148468E509CB721E771E842CB94
              Function 0135A49A Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 26fc4731535e238c6e060eea04d40308402153617338c215c468706bd9d79229
              • Instruction ID: 91b35a107688551b715acc65f0e053638ef9043ba6a6f1ad1923e45899536153
              • Opcode Fuzzy Hash: 26fc4731535e238c6e060eea04d40308402153617338c215c468706bd9d79229
              • Instruction Fuzzy Hash: 6C113672390A11FFE3625A59AC00F27BA99DBD4F68F510629BF48DB280EB70DC009795
              Function 013380A8 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
              • Instruction ID: 54ccc5abbaa12f4dbc1b68933aa9d021fd6fd489bee42c707db2e169ab8a7c4b
              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
              • Instruction Fuzzy Hash: A1218C72A0020AEFDF129F98CC40BAEBBB9EF88354F204459F914A7251D774D9508B54
              Function 012D0124 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
              • Instruction ID: 33c6944e7e8b18e584a9bf4821715e345076923fd16ef156e68ccf8e12d15967
              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
              • Instruction Fuzzy Hash: 2A11B272611606AFD7229F58DC41FAABBB8EB81754F104029F7049B190D671ED44DB68
              Function 012A8770 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cb1fd13b62e9485ae1855c2add51ea618e27fc81386e472a3632aacda334f251
              • Instruction ID: ba8fca8888e80828049a74c5cf11b73f6bfa9048368a564d1cfd2254f4f6bb86
              • Opcode Fuzzy Hash: cb1fd13b62e9485ae1855c2add51ea618e27fc81386e472a3632aacda334f251
              • Instruction Fuzzy Hash: 6611E23A7216129BDB15CF4DC880A26BFE9AF4A711B98406DEE088F200D6B2D901CB90
              Function 012DAAEE Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
              • Instruction ID: 17f68dc6587e32d3fbe940344cea0b4fad151fc25a7b6c781a904f3837cbe04c
              • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
              • Instruction Fuzzy Hash: BF216A72620641DBD7258F49C541E66BBE6EBA4B50F14882DE6468B650D770EC02CB80
              Function 012A80E9 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 58193dbd6239a8564bcea3fef953d5eacac069f316da731da6b85e3bfe3d7127
              • Instruction ID: dbc3a64b47302d874a3f5fc1cb50911b495700cafd78784f11f0719f13929719
              • Opcode Fuzzy Hash: 58193dbd6239a8564bcea3fef953d5eacac069f316da731da6b85e3bfe3d7127
              • Instruction Fuzzy Hash: 33215B75A10206DFCB14CF98C581AAEBBB5FB88319F64416DD205AB311CB71BD06CBD0
              Function 012D674D Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e5a0927a58fd8e9451d7c22dc7e7a011e423de20e933eda47f5013bf6e48eaa6
              • Instruction ID: d87ddb484edf7dab39b498a3191730739fa176f3cd15a2cb1b4a3870ed311d06
              • Opcode Fuzzy Hash: e5a0927a58fd8e9451d7c22dc7e7a011e423de20e933eda47f5013bf6e48eaa6
              • Instruction Fuzzy Hash: 76215C75624A01EFE7258F69C881B66B7E8FF44350F54882DE5AAC7250DA71A850CBA0
              Function 01336870 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 790d2e12a574c4236d5b76d6c809e1022d248941f2bda8d624d6fdaa182896a1
              • Instruction ID: 0f9e0cc51c864fd30f1dc402ae2d7935ba510553b901e9197d3046fbf0b8c80c
              • Opcode Fuzzy Hash: 790d2e12a574c4236d5b76d6c809e1022d248941f2bda8d624d6fdaa182896a1
              • Instruction Fuzzy Hash: 9911E7B2240904FFC722CB5DC941F9A7BACEF99754F014025F205DF251D674EA01C7A4
              Function 012CE8C0 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 17ae58fc24679b757dc7b69da699aa506bed065aeaa1ca73ec006d772b366dd0
              • Instruction ID: 7465b785be360c1ea0f835100e77fe23ee2a9eaeb2e033ac746235e58417d20e
              • Opcode Fuzzy Hash: 17ae58fc24679b757dc7b69da699aa506bed065aeaa1ca73ec006d772b366dd0
              • Instruction Fuzzy Hash: 25114C773101149BCF1ADB28CC92A7F765AEBD5774B25452DD6228B281D9309802C390
              Function 012D66B0 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1c0df4337d836ffcfc02ee61df2868572791c5cf11546776f306173c6ca339fa
              • Instruction ID: c5266d3af4989208a72ca6d083faf21817e500f7361a0a1cb6380ffb4b22e907
              • Opcode Fuzzy Hash: 1c0df4337d836ffcfc02ee61df2868572791c5cf11546776f306173c6ca339fa
              • Instruction Fuzzy Hash: E411E3B6A2120ADFDB29CF59D580E5ABBF8EF94750F068079DA059B314E674DD00CB90
              Function 0136A8E4 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
              • Instruction ID: 520444c6743b9b0227668e7a4902f9aa6ce2bf741ea4769aace3f6a9b5ae7b4a
              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
              • Instruction Fuzzy Hash: 1211E236A00909AFDB19CB58C805B9DFBF9EF84214F158269E845A7344E671AD51CB80
              Function 012A0AD0 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
              • Instruction ID: 7e48943a9c881a9ed5daa79638c768991691a665a8c7a458d1558dd9ab63807f
              • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
              • Instruction Fuzzy Hash: 922106B5A00B059FD3A0CF29C581B52BBF4FB48B10F50492EE98AC7B40E371E854CB94
              Function 0132E7E1 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
              • Instruction ID: f5a95703b73332f3942ec708a2d8644d5cdc1c585a62ccf7ec51742f58ab6642
              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
              • Instruction Fuzzy Hash: 52110631600614EFEB21AF49CC42B667FE5EF41B58F068438EA989B160D7B0DC40DB90
              Function 012C27ED Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 214895d9386191c639adf126ede1323afe9ecba6535eb66559bf6861044266ce
              • Instruction ID: 1640e61302a5e9deb3b2ec0db5b1e05d9c32976812a4731a8dcde8591918ae8b
              • Opcode Fuzzy Hash: 214895d9386191c639adf126ede1323afe9ecba6535eb66559bf6861044266ce
              • Instruction Fuzzy Hash: 2D012631225646AFE317A66DECA4F677BCCEF40B98F050178FA008B290D964DC00C271
              Function 012A4690 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e5ead20b309856dd19586ff727b70e7b483dbf8e785ea663d4418cb098421a9
              • Instruction ID: 3241530eca5bd57b8cf587f801d9f2227f73e42507f3e6511450c7854e300567
              • Opcode Fuzzy Hash: 6e5ead20b309856dd19586ff727b70e7b483dbf8e785ea663d4418cb098421a9
              • Instruction Fuzzy Hash: 8811A0362606C6AFDB2AEF5DD841B567FA8EB85B64F484119FA048B250C3B0F850CF60
              Function 012D6620 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 395beb1443d3c078ca89ee1bac838770d7de6c5f0c142fd46b3a3df4c71ea1ed
              • Instruction ID: 188d48c14c0685fedbd8019e3b10d437ce2f97c17ecf87e4c1dbe2fe658c7c80
              • Opcode Fuzzy Hash: 395beb1443d3c078ca89ee1bac838770d7de6c5f0c142fd46b3a3df4c71ea1ed
              • Instruction Fuzzy Hash: D611A176A10716AFDB22DF99C9C0B6EFBB8FF84750F500459EB01A7200D735AD418BA0
              Function 012CE53E Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
              • Instruction ID: d5ad54f2c2e3afd8b30966254456e1da996df05bf4c136a375413b6d7d236e00
              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
              • Instruction Fuzzy Hash: D611E5712216C29BE7339B2CD9A4B653BD8BF51BC8F1A04A4DF418B682F338C842C650
              Function 0132E75D Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
              • Instruction ID: 40cce001b63300515bedf167ade0f45b010e2280f746f7b852dc1108506b8740
              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
              • Instruction Fuzzy Hash: 5B01F532600125AFEB25AF5DCC02FAA7FA9EF40758F158034EA059B270E771DD40CB90
              Function 0129A250 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
              • Instruction ID: 328bfcf57a8951ceffafa1c3cd87ceca21f2164e2e5274f7d621a7016d58238e
              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
              • Instruction Fuzzy Hash: C001C072925B229BCF218F1DDC40A767BB5EB55B607008AADFA958B681D731D800CBA0
              Function 0131E1D0 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0f493a6ddf2c0518d39b3254413c81897b9d6a0c647cae827be0bd1477fe52f5
              • Instruction ID: 1c85a8fdce5ed540035fd76e165cc9b9f32ffdc0d396f7e642667a15bcd24185
              • Opcode Fuzzy Hash: 0f493a6ddf2c0518d39b3254413c81897b9d6a0c647cae827be0bd1477fe52f5
              • Instruction Fuzzy Hash: 9011AD32251241EFDB16EF19CD91F66BBB8FF58B88F200075EE059B6A1C235ED01CA90
              Function 012A6259 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a583b8b4de188dd73906cfde253117b66b4e97476c755295c61769a5615aab6e
              • Instruction ID: a598eb795d1d4d7c10cae311e9b010fede79f4bf7fc6bc4c9716a18478d666e5
              • Opcode Fuzzy Hash: a583b8b4de188dd73906cfde253117b66b4e97476c755295c61769a5615aab6e
              • Instruction Fuzzy Hash: DB117071951219ABEF25EB64CC46FE973B8BF14710F9041D8A315A61E0E7709E81CF84
              Function 01326050 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dc9d60ce1531173c79779cf2e84af9123ed948e8d1229155142c2cdbdcf9bf2b
              • Instruction ID: 681732912bf2ce45dfe7ae6728b89ababc854b1b7b1f1a50d2f20ecafb4827fe
              • Opcode Fuzzy Hash: dc9d60ce1531173c79779cf2e84af9123ed948e8d1229155142c2cdbdcf9bf2b
              • Instruction Fuzzy Hash: C5111BB2900019ABCB12DB94CC84DEF777CEF48358F044166E906A7211EA34AA55CBA0
              Function 012A208A Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
              • Instruction ID: 32f3347674585b6d27aeb3b35fa9a7fd873211019fffc429ad02dcbeb7c0f178
              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
              • Instruction Fuzzy Hash: 5A01F533220212CBEF118A5DD880BA2B767BFE4700F9545A9EE018F246DAB1D881C390
              Function 01336500 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a77b659407ae453021bf5f4fc8a7eab4521a3b520f739af07f4d709251da14bd
              • Instruction ID: 26a5390473f433139774565b273a4ad9514506826443dae35f77b64d60e29218
              • Opcode Fuzzy Hash: a77b659407ae453021bf5f4fc8a7eab4521a3b520f739af07f4d709251da14bd
              • Instruction Fuzzy Hash: 84110872600145EFD701CF18C400BA1B7B9FB96308F088169E844CF355D732ED80CBA0
              Function 0132C810 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 69702b0d4badc1da432d66f51d66accede9e5b36a154291e98247cdcf439a107
              • Instruction ID: 1b370995a38e7a5de6f6d911d61dff4879b8edbb12e34204e26a37418476989f
              • Opcode Fuzzy Hash: 69702b0d4badc1da432d66f51d66accede9e5b36a154291e98247cdcf439a107
              • Instruction Fuzzy Hash: F2111CB1A102199BCB00DF99D585AAEBBF8FF58350F10806AE905E7351D674EA018BA4
              Function 0134EA60 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 430090b2e6b54f65b3dfc113cbff28980266f6c49f87da39586527feff0d2c24
              • Instruction ID: f6ea772d2e3ace9de1c3e4d07bf68889fdd35481ea214c99af45fc408ed55776
              • Opcode Fuzzy Hash: 430090b2e6b54f65b3dfc113cbff28980266f6c49f87da39586527feff0d2c24
              • Instruction Fuzzy Hash: 0B01D471140211DBEB36AF298484D7ABBFAFF51798B04443EE1555B611CB39FC41CBA1
              Function 0129C020 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
              • Instruction ID: d4cba95c3ff8daa9ac47f0cee4e52438722a44190ae495f021e030a6d8854bb4
              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
              • Instruction Fuzzy Hash: 9301B53212074A9FEF2296AED844BA7B7E9FFC5654F04482DE7468B540DA74E501C750
              Function 012E20F0 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8d67c53066708a76106d296476b8c50c535afec2ee4f285c22bad592a43baac3
              • Instruction ID: a86a5fde13799a61f2a44228525ddbdc5e1e673ca76894c7d624a9398757a0f6
              • Opcode Fuzzy Hash: 8d67c53066708a76106d296476b8c50c535afec2ee4f285c22bad592a43baac3
              • Instruction Fuzzy Hash: 69116935A1124DEBCF05EFA8C855FAE7BB9EB44784F404069E9029B290DA35EE11CB90
              Function 012DE5CF Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 63121f10210fa5d87c50ccb7d685220e912d0b06619149f9b9585ee6005c259d
              • Instruction ID: f4d6aaab7af054cd009014f15eb4f83faf3606d815a233e9b74087edc90719ae
              • Opcode Fuzzy Hash: 63121f10210fa5d87c50ccb7d685220e912d0b06619149f9b9585ee6005c259d
              • Instruction Fuzzy Hash: 8B01D4B1221A05BBC715AB69CDC4EA3BBBCFB557A47000629B10587550DB24FC01C7A0
              Function 013369C0 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 43bf985ceea7ad6d6da8232a29ed1f5e469fe16d7e2851c1a3d6c6efb20f6770
              • Instruction ID: 014dfdd135738dfe78a8b18d0b1d5930b60ef24b4f507ac8b64e9be836d2868f
              • Opcode Fuzzy Hash: 43bf985ceea7ad6d6da8232a29ed1f5e469fe16d7e2851c1a3d6c6efb20f6770
              • Instruction Fuzzy Hash: D5014CB2224206AFD320DF6DC8899B7FBECFF88764F104129E95987180E7309A12C7D5
              Function 0132C460 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1cdfade60a7f7d80cfadee560fab48c945a7d21cef5b6168018cc93051a72a10
              • Instruction ID: fbaba8d6b0a8499eae9138109f91494ed7ab6623261d347beb3d7639260aca52
              • Opcode Fuzzy Hash: 1cdfade60a7f7d80cfadee560fab48c945a7d21cef5b6168018cc93051a72a10
              • Instruction Fuzzy Hash: FD116971A0025DEBDF15EFA8C894EAEBBB9FB48744F004059FD01A7380DA35EA11CB90
              Function 0132C97C Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e05da1b5652e3fdd11418d8263ee5e7ceefc585adf0679e3fa1a557c77adc4f
              • Instruction ID: 8f11dc710bdc2b24912ce85e04e69a48e552346c8430bef7c459d12c0634d2b9
              • Opcode Fuzzy Hash: 6e05da1b5652e3fdd11418d8263ee5e7ceefc585adf0679e3fa1a557c77adc4f
              • Instruction Fuzzy Hash: D01179B16183099FC700EF69D48199BBBE8FF98710F00495AF998D7390E630E900CB92
              Function 0132CA11 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3231896f3469983df5867726a17aa8a41e1ead4820e11bf2834a9c724acd56d
              • Instruction ID: f77f1a2dab570d63a00faffcf9ef51c72b637af77ef98b5501f6b684eac957a3
              • Opcode Fuzzy Hash: a3231896f3469983df5867726a17aa8a41e1ead4820e11bf2834a9c724acd56d
              • Instruction Fuzzy Hash: 001179B16183099FC700EF69D48195FBBE8FF99750F00895AF998D73A0E630E900CB92
              Function 01374A80 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
              • Instruction ID: 1bc0d31aceee878b9dadb5f13dafc382350894f5323394da9c69ec96a4699163
              • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
              • Instruction Fuzzy Hash: 5A01FC32200705DFE771EA5DD844F97B7EAFFC5614F044819E6428B650DA74F840C794
              Function 012BE016 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
              • Instruction ID: 70e47b19c75e21c42976d0195df1f949c6a2d0d732e69aa9c56d01eeb74c6fdf
              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
              • Instruction Fuzzy Hash: FC01DF32224581DFE722871DC988FA6BBE8EF44784F0E08B5FB05DB691C678DC80C221
              Function 0129826B Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fbbd4734dd1cf6d5f3740d4fba636411f1273c3353301c7c251c98789094fbe6
              • Instruction ID: 14694200e39bc3a5bc22784f4c662bd89f35dd91df9c087292b96883b2d645e2
              • Opcode Fuzzy Hash: fbbd4734dd1cf6d5f3740d4fba636411f1273c3353301c7c251c98789094fbe6
              • Instruction Fuzzy Hash: 8E01DF31A205499BDB14EB6DD9449BEB7A9EF82214F1940A9DA01E7280DE30DC01C690
              Function 0134EB50 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 2beea826859af8bf03adb146310f68df985e979083b1733f84e885e2a1c92aeb
              • Instruction ID: 9f6fc63c13e089f7a3a8fe730fcc8d70f6f7bf543fc5dd94f2662e6394883ae1
              • Opcode Fuzzy Hash: 2beea826859af8bf03adb146310f68df985e979083b1733f84e885e2a1c92aeb
              • Instruction Fuzzy Hash: A801F2B1244711AFE3315F19D841F56BAE8EF54B94F00082EB3069F390C6B6A8408B64
              Function 012A2582 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 90760b8379bcc82a84853f881e9c91b82d446bdecd9d58aed7d99e2459d581d6
              • Instruction ID: 00d65bada10dc5fcbecf08cd72473bebf9a1dbdb9347b499fc92b0a63673b8bc
              • Opcode Fuzzy Hash: 90760b8379bcc82a84853f881e9c91b82d446bdecd9d58aed7d99e2459d581d6
              • Instruction Fuzzy Hash: F8F0F432651B11F7C736DB5ADD40F57BBAAEB84B90F004028E60597640DA30ED01CBA0
              Function 012CC073 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
              • Instruction ID: c7364f8e047f5a0bd2ebd80b825de76e07f4be708dc0575fe3551ecf8d9c8d2a
              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
              • Instruction Fuzzy Hash: BCF062B2600A15ABD325CF4DDC40E67FBEADBD5A90F058129A659DB220EA31ED05CB90
              Function 0129C310 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
              • Instruction ID: a7bd80701135cbb2349668976a52144b2775277247ffd9beb0bf34e5f6c40ce8
              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
              • Instruction Fuzzy Hash: 4FF021332746739BDF32575D4840B7BA5958FD5B64F190035F30D9B244C9B08D1157D4
              Function 012DCA6F Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
              • Instruction ID: 666a3bc5de8f7e54ad853a77a33cd5eab46a4c436449f4cbdc1036daabbdeddf
              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
              • Instruction Fuzzy Hash: BC0144322546869BD32ADB1CC805F99BB98FF41758F0840A9FA049B6A1DE78C800C215
              Function 013761E5 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 082187d8e3a9ef445d34714ecbaffe9dbade791e195f16373c3615812e3f30d4
              • Instruction ID: 55503f40cd82664c10103f7c85a7c0003635d0d3bd538d26e9fe72ce931d5e06
              • Opcode Fuzzy Hash: 082187d8e3a9ef445d34714ecbaffe9dbade791e195f16373c3615812e3f30d4
              • Instruction Fuzzy Hash: AA018F71A10249ABDB00DFA9D855AEEBBF8BF58314F14005AE500E7280D734EA01CB94
              Function 013263C0 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
              • Instruction ID: f76b9a71affafff79ed1f5c9f62d531cc1845df270c6646f0365b7cd9b17a2a7
              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
              • Instruction Fuzzy Hash: B0F0497220001DBFEF01AF94CD80DEF7B7EEF58698B104124FA10A2120D231DD21ABA0
              Function 0132A4B0 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8fb6e4d6d748a9498d9b20f383e0ce592e4ebde8009a7dd8b3b1e250018e432d
              • Instruction ID: 9df3f776fce107e1aade13a032cc1888a7fe7a37f7cf1e6e6f0f8fe92c74934e
              • Opcode Fuzzy Hash: 8fb6e4d6d748a9498d9b20f383e0ce592e4ebde8009a7dd8b3b1e250018e432d
              • Instruction Fuzzy Hash: 38018536100219EBCF12AE84D840EDA7F6AFB4C768F068205FE1866620C336D970EB81
              Function 0129C0F0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e932ce43583d070f9a09e8202a861c3741de8e9b796c43db53b28bf00f3ec072
              • Instruction ID: 915d2672f581aaa7e29ecb0017b4bc32be5a89e807ac826fe01af6ca55e5ce08
              • Opcode Fuzzy Hash: e932ce43583d070f9a09e8202a861c3741de8e9b796c43db53b28bf00f3ec072
              • Instruction Fuzzy Hash: C1F0B4B22342425BFB54961D9C06F33369AE7D0751F65806AEB058B2D1EA71DC118798
              Function 012D656A Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fe884dbc918884e4a2378995904d089a193a6ae6c2ce6ebe2dbc1dd287e26694
              • Instruction ID: aee942b2fab65f4f6a0c4898c3160cb225821833a96fabc02616b1da1082bfbe
              • Opcode Fuzzy Hash: fe884dbc918884e4a2378995904d089a193a6ae6c2ce6ebe2dbc1dd287e26694
              • Instruction Fuzzy Hash: FA01A470210682DBE3369B2CDD48B6537A8BB40B44F880590FA41CBADAE768D4828210
              Function 0134437C Relevance: .0, Instructions: 37COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
              • Instruction ID: 5ff193e5f9c4097f0deb9142142cbece0e85c79e61ddcbf0d6dcc4488f126c05
              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
              • Instruction Fuzzy Hash: 19F02E33341D1347E776AA2D8420B3FA6D5AF90E44B05453CA642CB640DF20FC10C780
              Function 0132E872 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
              • Instruction ID: e0847859327e8b4da89b513346411e61f15923c44f68e090926a05c59cfec526
              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
              • Instruction Fuzzy Hash: 06F05E337116329BE321AA8EDC81F16BBA8AFD5E64F190079E6549B664C7B0EC0187D0
              Function 0132C89D Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f045ef5de88d594ee4f2fac51526ec70a41c21f9f113d6e2f72a383059da47c6
              • Instruction ID: f884a955d8d8fc2888cb74e38be8d817c9b3c214e9e53ac943e423202447007e
              • Opcode Fuzzy Hash: f045ef5de88d594ee4f2fac51526ec70a41c21f9f113d6e2f72a383059da47c6
              • Instruction Fuzzy Hash: 5BF0AF706153449FC310FF28C845A2EBBE4FF98714F80865AB898DB394E634EA00CB96
              Function 012D0854 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
              • Instruction ID: e04bf8f69c26e830f7c3b64c1d2136027a383bb5797c106ba4274699c755b5dc
              • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
              • Instruction Fuzzy Hash: 70F0E972624205AFE715DF26CC02F96B7E9EF98350F148078A645D7170FAB0ED41C658
              Function 01328D20 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5a977f06c85a6228cb56f36d82bd366c412593aa802766fe8659847a8dbbedc0
              • Instruction ID: 8c2a9037d3e6c3c1423f6090dd0bca4985c14445c4ca223f9d12331d3e741192
              • Opcode Fuzzy Hash: 5a977f06c85a6228cb56f36d82bd366c412593aa802766fe8659847a8dbbedc0
              • Instruction Fuzzy Hash: 08F0E9365002586FDB327E1CEC44B6ABB9DFB94718F49049AF98527161C7356CC5C780
              Function 0132C912 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 36866fa086d17c1be318d413e689b5a4474eae84400470695b04988591feeddb
              • Instruction ID: 09bff5fcf159ae659261c71b57b63cd3e6de3b382cca07c9116c6fd4da05360a
              • Opcode Fuzzy Hash: 36866fa086d17c1be318d413e689b5a4474eae84400470695b04988591feeddb
              • Instruction Fuzzy Hash: 88F0AF70A10249AFCB04EF69C555AAEB7F4FF18344F008055A845EB385DA34EA01CB50
              Function 012A47FB Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1b263fec59f5d11260264f1d898ea3b40f6585f9e06c9c3448f54144518fefc
              • Instruction ID: 33510afc55c14e9ca949aaf1f86572b78f9bdaa3ad14414b037234375e8bcb38
              • Opcode Fuzzy Hash: f1b263fec59f5d11260264f1d898ea3b40f6585f9e06c9c3448f54144518fefc
              • Instruction Fuzzy Hash: 7AF024319322E28FE732EB1CE844B217BC49F00738F8C48AAC65983502C3E4E880C601
              Function 01360115 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3883ea57e91d4dad1a4265fa97951cbe936ea6d1733b3a93669087345699a795
              • Instruction ID: f7a3713f99bc4d559bcd6208d5884e3a794e7a6f0f39285ecff3c48aa238762a
              • Opcode Fuzzy Hash: 3883ea57e91d4dad1a4265fa97951cbe936ea6d1733b3a93669087345699a795
              • Instruction Fuzzy Hash: 27F055BE41B6C08ACF366B3C78977D17F6CA74162CF095089ECA16720EC5798883C320
              Function 012DC5ED Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 99f3dc35a3169a9a48b554a4891911c64ba5ec758306b15c5f835c5713f01fe1
              • Instruction ID: 40a040559055d27106a82f9ffd463ccd0dcd532d570d6e72f1e1ff39bf6bad3d
              • Opcode Fuzzy Hash: 99f3dc35a3169a9a48b554a4891911c64ba5ec758306b15c5f835c5713f01fe1
              • Instruction Fuzzy Hash: 63F052718312528FE332871CC048B21BBD49B807A0F1C942DE66687602C260F8A0CAC0
              Function 012E2619 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
              • Instruction ID: c2087724cffc61834a28bc7d5a2ef966c9996d25d989e20a62c401e441212fa0
              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
              • Instruction Fuzzy Hash: 9CE0D8723506016BE7129F59CCC4F677BAEDFD2B10F440479B6055F252C9E2DD0986A4
              Function 01336030 Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
              • Instruction ID: d4d086d99ff02aa93afa62456e96fa957fc992908e102c0047c5f4e66791a8ce
              • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
              • Instruction Fuzzy Hash: D3F030B2118204AFE3218F09D986F52F7F8EB45368F45C025E6099B561D37AED40CBA8
              Function 012A0710 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
              • Instruction ID: 0a713fdfcd7dd22f8835f4db066cddc87e2ef3f52d88ece1254b4630f1e7cb46
              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
              • Instruction Fuzzy Hash: 7BF0E5392643469BEB1ADF19C440AA5BFE4FB51390F010098FD428B311E771E981CB95
              Function 012D49D0 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
              • Instruction ID: b9b289cf5515f12560bf8f8d3ec65fd75b0f315a5a2f953ab5f69e0a7fa4d9a6
              • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
              • Instruction Fuzzy Hash: FCE0D8322741C6ABD3313A59C821F6677A5DBD87E0F260429E3408B954DBB0EC40C7D9
              Function 0134678E Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
              • Instruction ID: ee89c7d2aa90175e839751de648b385b070492c44770079647540724eaeb41d8
              • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
              • Instruction Fuzzy Hash: D5E0DF72A40210BBDB22AB998D02FAABEACDB90FA4F150054B600EB094E530EE00C690
              Function 012A25E0 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 4a34975f7a4eca1fe8523744c8fe56378d12ce726ccff60b93747a229f1e905e
              • Instruction ID: 079090bf5f981bda4cbed70b9deb7786f99436cd1c8f1556b814a8d8efd9cf93
              • Opcode Fuzzy Hash: 4a34975f7a4eca1fe8523744c8fe56378d12ce726ccff60b93747a229f1e905e
              • Instruction Fuzzy Hash: F8E092721105949BC721FF29DD01FAA779AEB60760F414519F11557190CA70A810C7C4
              Function 0135A456 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
              • Instruction ID: c1fa152c00931484beccc4051e08150b7ae8a92b4fd4b112adb3e27ed4b5dc8e
              • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
              • Instruction Fuzzy Hash: 50E09231020A12DFE7726F6AD848F627EE0BF50B15F148D2CE196225B0C7B598C1DA40
              Function 01324000 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
              • Instruction ID: 8987d632d29fc5f2d730ba86926f3898732ddba648fbcc6d07156d17c5da24c0
              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
              • Instruction Fuzzy Hash: BFE0C2343003158FE715DF1AC040B62BBB6BFD5A14F28C068E9488F205EB36E882CB40
              Function 012DCA38 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5e3af47ed87a3962b13a1744b3c51e08fa6cb1ee04bf912221556ebbd52a15ef
              • Instruction ID: b2e7fcc67f626eef0659177083dee44c57e007199915fb33c70fe529728f524c
              • Opcode Fuzzy Hash: 5e3af47ed87a3962b13a1744b3c51e08fa6cb1ee04bf912221556ebbd52a15ef
              • Instruction Fuzzy Hash: FED02B324F10616ACB36F918FC44FE33A5D9B50760F014869F20896010D565CC91D3C4
              Function 0129823B Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
              • Instruction ID: 0fa1053db18f842c1c4583f19fcb90445563335b2784f70b8d4513a03db820e6
              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
              • Instruction Fuzzy Hash: 79E0C232870A59EFDF322F29DC04F6176E9FF55B50F24486EE186064A487F4AC81CB44
              Function 012A2050 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d280edd2bd3bffe59e700e996024c69ffad8bfce4cb61abe44c53158cd0267d
              • Instruction ID: 26bc4a51d9aded3f5d73dae3698a76b12e2ef4adc3a3feeaa61fd4e0ed59bdb6
              • Opcode Fuzzy Hash: 0d280edd2bd3bffe59e700e996024c69ffad8bfce4cb61abe44c53158cd0267d
              • Instruction Fuzzy Hash: 2BE08C32111490ABC211FA5DDD41EAA739EEBA47A0F440221F15087294CA60AC00C794
              Function 012D8A90 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
              • Instruction ID: fde7963c8f2b58d543a4318e0a89b7a03d26370bbbedd6c047bc3eb8ede2557a
              • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
              • Instruction Fuzzy Hash: B7E08633121A1487C728DE18D512B7277A4EF45720F09463EE61347780C534F544C795
              Function 012F6AA4 Relevance: .0, Instructions: 17COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
              • Instruction ID: 2b2d6a009211088c4f6a4cd4a206f595b1c639cad78623c36fc0902c6d2c41bc
              • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
              • Instruction Fuzzy Hash: F7D05E36521A50AFC3329F1BEA00C53FBF9FBC4B50705063EE64583924C670E806CBA0
              Function 012DE59C Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
              • Instruction ID: 4c9bc5135d240f7114f36dc86041f864a728f52099107c4ae48cbc829fc5b349
              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
              • Instruction Fuzzy Hash: 3DD0A932214620ABD772AA1CFC00FD333E8BB88B64F060459F018C7054C360AC82CB84
              Function 0131E908 Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
              • Instruction ID: 457a4d6d3c3c15d356ba82fedf4c50b69092f5fd7eef4810fc58302ec7080197
              • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
              • Instruction Fuzzy Hash: EEE08C319106809FCF57DF99C640F5ABBB5BB84B40F190054A4085B224C239AC00CB40
              Function 0129A0E3 Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
              • Instruction ID: c1eca4abb4187900dd30b0cb196b26836806aba6f15a3844f6ba4a48cbbb360d
              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
              • Instruction Fuzzy Hash: C1D0223223203193CF2896996800FA36905EB81AD0F0A002C750AA3800C0148C42C2E0
              Function 012DA830 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
              • Instruction ID: ccec8a3bd9ede1ab7c9b1eedcdd7cee529f1cb4f93a379ea94a35b0ea037eaf6
              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
              • Instruction Fuzzy Hash: 10D012371E054DBBCB11DFA6DC41FA57BA9E764BA0F444020F514875A0C63AE950D684
              Function 012DCA24 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 499abe105a8ae6a16975ae7fc68adef1b42f4f2647f97fa2fd69d2fc46978caf
              • Instruction ID: 3595886e8f08f34834787ea56f10d5fedfa0cf8b4fc8ba6a90ae2bf755e9d72a
              • Opcode Fuzzy Hash: 499abe105a8ae6a16975ae7fc68adef1b42f4f2647f97fa2fd69d2fc46978caf
              • Instruction Fuzzy Hash: B4D0A730561002CBDF1ACF89C511D7E3674FB20740F4000ACE74061024D725FC11C740
              Function 012DC700 Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
              • Instruction ID: eef6b296e81f9fc62e969e5cd55919f698e35ca51f834bc5677896b11a1bcb83
              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
              • Instruction Fuzzy Hash: 68C012322A0648AFC712EA99CD41F527BA9EBA8B80F000021F2048B670C631E820EA84
              Function 012C0310 Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
              • Instruction ID: ef8508b2d6eeaf4e1a0ba675197054346fb8d765bb68ee99f3e3907e4c3d66ec
              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
              • Instruction Fuzzy Hash: 20D01236110248EFCB01DF41C890DAA772AFBD8B10F108019FD19076108A31ED63DA50
              Function 012A0750 Relevance: .0, Instructions: 9COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
              • Instruction ID: b1a2fc724c4b8aeed44ffdece6604b62d3a8f41e3df5b290001e94edaddc981f
              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
              • Instruction Fuzzy Hash: C6C04C757115428FCF16DF19D6D4F5577E4F744740F160890E945CB721E624E801CA10
              Function 012E4340 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2bc9df96bdc25882998de5f54f853a42daf9fb02adc4e56da806b41a2ca9de76
              • Instruction ID: e027987373c5cee49ae6df7d71d5ee2445044f62f8d6f5c1a062250c0425aeb1
              • Opcode Fuzzy Hash: 2bc9df96bdc25882998de5f54f853a42daf9fb02adc4e56da806b41a2ca9de76
              • Instruction Fuzzy Hash: 4A90023161580012954071584884546C005E7E1301F55C025E2424554CCB14CA6A5361
              Function 012E4650 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 31ea2d2e3640456be3f69e49bd6a24749aa78d6bde237432104bfe7d1bf098fe
              • Instruction ID: f16ba7291152749d5b09e3a9b2b684e1ac2637385379c31b6dec71414cf96a56
              • Opcode Fuzzy Hash: 31ea2d2e3640456be3f69e49bd6a24749aa78d6bde237432104bfe7d1bf098fe
              • Instruction Fuzzy Hash: 2F90026161150042454071584804406E005E7E2301795C129A2554560CC718C9699369
              Function 012E2BA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8dffe61921fcc926fcc9233afc90fb76e2fac4f62ce3d5960c37dd9cf1f9aae
              • Instruction ID: ff18f04835710d43fce0ff546e060f2851a254aa5793f4c66115a588163c4273
              • Opcode Fuzzy Hash: d8dffe61921fcc926fcc9233afc90fb76e2fac4f62ce3d5960c37dd9cf1f9aae
              • Instruction Fuzzy Hash: 6190023161540802D550715844147468005D7D1301F55C025A2024654DC755CB6977A1
              Function 012E2B80 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ab3babb0d8ff400085ec5acb4cec31f443eae514fa049dce62cb157e01310700
              • Instruction ID: 0cd2992e5162986cd96e4fdb9e876c4a7c9b85513868d161c7c0556837b50eef
              • Opcode Fuzzy Hash: ab3babb0d8ff400085ec5acb4cec31f443eae514fa049dce62cb157e01310700
              • Instruction Fuzzy Hash: 9190023121140802D504715848046868005D7D1301F55C025A7024655ED765C9A57231
              Function 012E2BE0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 87f66c767acee32158001708e24b529fdf9d1f3b79d7c54a1bed7fc0a619d689
              • Instruction ID: f842175cda6c862fcd369807b2bf9128206faf4a0fc5fe2d60c10ab1ae6e056c
              • Opcode Fuzzy Hash: 87f66c767acee32158001708e24b529fdf9d1f3b79d7c54a1bed7fc0a619d689
              • Instruction Fuzzy Hash: E790023121544842D54071584404A468015D7D1305F55C025A2064694DD725CE69B761
              Function 012E2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3362d467b04a0e7b008710daf87418c31a9517517693e71234102b0c92a4572b
              • Instruction ID: 35aec620f47816ccde3d6706e76bc520520560e5fba21bc95d43b95dcc58bde5
              • Opcode Fuzzy Hash: 3362d467b04a0e7b008710daf87418c31a9517517693e71234102b0c92a4572b
              • Instruction Fuzzy Hash: 3590023121140802D5807158440464A8005D7D2301F95C029A2025654DCB15CB6D77A1
              Function 012E2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96c2ec16b4db6943f72c71224df1df753efcb4edbc9071bde1e07844680043c3
              • Instruction ID: 4f18102bff423548d23ebf32867bf1560b61201a0d9fd275cc120b8857d19ff9
              • Opcode Fuzzy Hash: 96c2ec16b4db6943f72c71224df1df753efcb4edbc9071bde1e07844680043c3
              • Instruction Fuzzy Hash: 919002A1211540924900B2588404B0AC505D7E1201F55C02AE3054560CC625C9659235
              Function 012E2AF0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6776d36ead30d21c3f0ae26a3b86dff98eb8a53ef1780263f3b4ba288037259c
              • Instruction ID: 9d405db88c6bf99f652b617962067cf1aa41fd3c0f41ba938b8efb7f857e059f
              • Opcode Fuzzy Hash: 6776d36ead30d21c3f0ae26a3b86dff98eb8a53ef1780263f3b4ba288037259c
              • Instruction Fuzzy Hash: 92900225231400020545B558060450B8445E7D7351795C029F3416590CC721C9795321
              Function 012E2AD0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cc418bc915f04a8b12e030d068223abd0c3207530f4341e303b32ee10d2f916e
              • Instruction ID: 618f5d407648bb095806dcad3992acc54128cb5b8e525444c1c8e17a15bd327a
              • Opcode Fuzzy Hash: cc418bc915f04a8b12e030d068223abd0c3207530f4341e303b32ee10d2f916e
              • Instruction Fuzzy Hash: 67900435331400030505F55C0704507C047D7D7351755C035F3015550CD731CD755331
              Function 012E2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6223183af40b524a054f0f0f76702c5ee9d651449d54fdb42ac0eb7b80b9d751
              • Instruction ID: d302857551b043c155c2ba2b68312325caf99814865a59fcdbf1740a5e036bb2
              • Opcode Fuzzy Hash: 6223183af40b524a054f0f0f76702c5ee9d651449d54fdb42ac0eb7b80b9d751
              • Instruction Fuzzy Hash: 4390022131140003D54071585418606C005E7E2301F55D025E2414554CDA15C96A5322
              Function 012E2D00 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 85f8f8e8a07bf10a96b1a7c90c1c36cbaac2a915bb85cff00a1b7d24bc90378b
              • Instruction ID: 4d7d080f930e9f2188f02fba4145a2eff4e92143961ae34b5dfc3040fac33677
              • Opcode Fuzzy Hash: 85f8f8e8a07bf10a96b1a7c90c1c36cbaac2a915bb85cff00a1b7d24bc90378b
              • Instruction Fuzzy Hash: 6690022121544442D50075585408A068005D7D1205F55D025A3064595DC735C965A231
              Function 012E2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 56d82a944df08d5288b81a1dcdf68037732808669b6915fdb0c2de790821ae9c
              • Instruction ID: 6afec66dfa395c451449ea2fc5a93c22e39189a4e800472488da0f77c61123fe
              • Opcode Fuzzy Hash: 56d82a944df08d5288b81a1dcdf68037732808669b6915fdb0c2de790821ae9c
              • Instruction Fuzzy Hash: 4190022922340002D5807158540860A8005D7D2202F95D429A2015558CCA15C97D5321
              Function 012E2DB0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8c24acfaa4957bf2ca2273e68a14799fb53f4c2d85fdcff474fd37c4ae07b4ab
              • Instruction ID: 7e6e194fafee53b2f93abd5a4c38576efd0e378973ba5c5e3f040db5835c1298
              • Opcode Fuzzy Hash: 8c24acfaa4957bf2ca2273e68a14799fb53f4c2d85fdcff474fd37c4ae07b4ab
              • Instruction Fuzzy Hash: 5990023125140402D541715844046068009E7D1241F95C026A2424554EC755CB6AAB61
              Function 012E2DD0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d052e2a2c8380ba717fd8afeeae98d2153a876d8226ab47b9a8cd6537f65a5c8
              • Instruction ID: 00d6322864c5d598369714b86ac20f788b1fcd3a442eea22e3ed1e67c576b234
              • Opcode Fuzzy Hash: d052e2a2c8380ba717fd8afeeae98d2153a876d8226ab47b9a8cd6537f65a5c8
              • Instruction Fuzzy Hash: C8900221252441525945B1584404507C006E7E1241B95C026A3414950CC626D96AD721
              Function 012E2C60 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e1eace544bf511e79c30f0667f05f0afa1f07c4dc8f7b32b58c6fad4b140804
              • Instruction ID: 97f4c345ae2bb1885a57c077af9821131c968c90d612d98010d9e0d930235769
              • Opcode Fuzzy Hash: 9e1eace544bf511e79c30f0667f05f0afa1f07c4dc8f7b32b58c6fad4b140804
              • Instruction Fuzzy Hash: 5290023121140842D50071584404B468005D7E1301F55C02AA2124654DC715C9657621
              Function 012E2CA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a98ed6958994e461e68dd857fb01e65293dc65ecd3eebf8b9ff7863661b0ce0b
              • Instruction ID: dba74a9611b1ae4a3f7621d4e35aa995a505ca9acdcd2afbd368c11e82931cc4
              • Opcode Fuzzy Hash: a98ed6958994e461e68dd857fb01e65293dc65ecd3eebf8b9ff7863661b0ce0b
              • Instruction Fuzzy Hash: 7B90023121140402D500759854086468005D7E1301F55D025A7024555EC765C9A56231
              Function 012E2CF0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5a91f5a71877eff2109031ae4789b9541f810c6f3d75deb5054fd916a9a400ec
              • Instruction ID: 1bfe670e41e9edcb12cd223419f4fddbd5d3c5890d8f5f1748413b641ee60650
              • Opcode Fuzzy Hash: 5a91f5a71877eff2109031ae4789b9541f810c6f3d75deb5054fd916a9a400ec
              • Instruction Fuzzy Hash: 6690023121140403D500715855087078005D7D1201F55D425A2424558DD756C9656221
              Function 012E2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 087944c906a47ec996373ffc30bd865a6f17f1bc4260462804920c8ebe3752a5
              • Instruction ID: 6091e2e0a393bb39824d42eb94e9a28b7109b721e9fc55e972dde48e98446b6d
              • Opcode Fuzzy Hash: 087944c906a47ec996373ffc30bd865a6f17f1bc4260462804920c8ebe3752a5
              • Instruction Fuzzy Hash: 8490022161540402D540715854187068015D7D1201F55D025A2024554DC759CB6967A1
              Function 012E2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 933a4b71de5e1582e4e5bf67883b384a96880a32c45d45d2fe569399cb1d4bf9
              • Instruction ID: ccdc18df7c75d385cf6a072200648dbf4cc16bcd9212025f31bc62fc8e39bfb5
              • Opcode Fuzzy Hash: 933a4b71de5e1582e4e5bf67883b384a96880a32c45d45d2fe569399cb1d4bf9
              • Instruction Fuzzy Hash: 2F90026135140442D50071584414B068005D7E2301F55C029E3064554DC719CD666226
              Function 012E2F60 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 94c4d826974056bcb8ce472830666e2dac7f840c874e795f045ac208c2ce4b84
              • Instruction ID: 076b535d1054ce191d1641ee625eb7a0ee43fb3d22bfb5323efa47c5632bdba9
              • Opcode Fuzzy Hash: 94c4d826974056bcb8ce472830666e2dac7f840c874e795f045ac208c2ce4b84
              • Instruction Fuzzy Hash: 9B90026122140042D504715844047068045D7E2201F55C026A3154554CC629CD755225
              Function 012E2FA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f963e081187f203001035dfa16394f0ec2c98a37ca11be8b82e16e1dc1c1ecba
              • Instruction ID: 4d18b0aae422654437295bf7462efb96796b6f7641d91584e2a34266f9cab8c2
              • Opcode Fuzzy Hash: f963e081187f203001035dfa16394f0ec2c98a37ca11be8b82e16e1dc1c1ecba
              • Instruction Fuzzy Hash: 4690023121180402D500715848087478005D7D1302F55C025A7164555EC765C9A56631
              Function 012E2FB0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f16cd20942dd70645854cff26c2500120678ee1fd236cadc9b4d98311eeee80f
              • Instruction ID: c0b4c762bf8fcff03a84ef7051b1f02af518afe029a84fe92f7033a40c043a07
              • Opcode Fuzzy Hash: f16cd20942dd70645854cff26c2500120678ee1fd236cadc9b4d98311eeee80f
              • Instruction Fuzzy Hash: 8490022161140042454071688844906C005FBE2211B55C135A2998550DC659C9795765
              Function 012E2F90 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 66429149fad94779386549835e40e26d225eeaf7dcc3569ba4b44d9d68550713
              • Instruction ID: f8729bee8f54cec946a97b0e96c215890930e3d4e0d96d26541c78435997e188
              • Opcode Fuzzy Hash: 66429149fad94779386549835e40e26d225eeaf7dcc3569ba4b44d9d68550713
              • Instruction Fuzzy Hash: 9390023121180402D5007158481470B8005D7D1302F55C025A3164555DC725C9656671
              Function 012E2FE0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a11e05847328acb3dd5c706a7b55eb9529f69837b2dbf78035193b65feef9d7
              • Instruction ID: 14ec983998e7575a038ccef680fee5b621bc768664d461952e2de3c6ad3f04f5
              • Opcode Fuzzy Hash: 2a11e05847328acb3dd5c706a7b55eb9529f69837b2dbf78035193b65feef9d7
              • Instruction Fuzzy Hash: 9D900221221C0042D60075684C14B078005D7D1303F55C129A2154554CCA15C9755621
              Function 012E2E30 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f12136e5cf57517b90c4feb4c0309ee205a2f6c69df05968d137765837465233
              • Instruction ID: 70e9e1172b66693e1d739d6a1a3308ce44db0fe860843a6a71e495ba7b3e4760
              • Opcode Fuzzy Hash: f12136e5cf57517b90c4feb4c0309ee205a2f6c69df05968d137765837465233
              • Instruction Fuzzy Hash: 4090022131140402D502715844146068009D7D2345F95C026E3424555DC725CA67A232
              Function 012E2EA0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6dae5670d35ebbec9ecf3cf37c3187989f3145e7487db8f3363708da8cf35df2
              • Instruction ID: c037b815cbf61b5fdbbe550744ce60fc006ad559a06e2245bc505d2289504f73
              • Opcode Fuzzy Hash: 6dae5670d35ebbec9ecf3cf37c3187989f3145e7487db8f3363708da8cf35df2
              • Instruction Fuzzy Hash: 2090027121140402D540715844047468005D7D1301F55C025A7064554EC759CEE96765
              Function 012E2E80 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f93eb65134ed829c770336298af0d70232f5b4d631e13c21f50065a42e910d86
              • Instruction ID: cd18effd09521368041ed873c22d27338742ce4d43d7b099f3cd02a1a6f0650c
              • Opcode Fuzzy Hash: f93eb65134ed829c770336298af0d70232f5b4d631e13c21f50065a42e910d86
              • Instruction Fuzzy Hash: DF90022161140502D50171584404616800AD7D1241F95C036A3024555ECB25CAA6A231
              Function 012E2EE0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ce1b1f840ef82adf45bd002408df9fb4756825bd1e93c5164b09e259e372a25f
              • Instruction ID: 3c5a9260be82a79a4f45fdc469fa757ef14a850ab0683ac70ecda0838f8d2bfb
              • Opcode Fuzzy Hash: ce1b1f840ef82adf45bd002408df9fb4756825bd1e93c5164b09e259e372a25f
              • Instruction Fuzzy Hash: 5090026121180403D540755848046078005D7D1302F55C025A3064555ECB29CD656235
              Function 012E3010 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 60e9cd4ed41db9e24e3e502ad2f2d2aca51651a7a49858674a850f8ad9915abb
              • Instruction ID: a6956ded2ddb0d5467464b9d4e6313600c9521dc61e8343de87c86443bda478b
              • Opcode Fuzzy Hash: 60e9cd4ed41db9e24e3e502ad2f2d2aca51651a7a49858674a850f8ad9915abb
              • Instruction Fuzzy Hash: 6A90022121184442D54072584804B0FC105D7E2202F95C02DA6156554CCA15C9695721
              Function 012E3090 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc41c0ae9e89bb1f14645022d84b2e0769daa0f656d6cc09b9f5cdfee4239903
              • Instruction ID: b0f0fdbb3ffc3209d847080dc8f0348be86e4a1dc074907650722bd531f155f3
              • Opcode Fuzzy Hash: fc41c0ae9e89bb1f14645022d84b2e0769daa0f656d6cc09b9f5cdfee4239903
              • Instruction Fuzzy Hash: 0C90022125140802D540715884147078006D7D1601F55C025A2024554DC716CA7967B1
              Function 012E39B0 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9b32c49de9b73c7b3d663e4f9156d7bad4c61fbe09268e105b62204f8c52682a
              • Instruction ID: 8e87a546aa990b8f368d37ea2e2db84fae49419446cb3f7daaf9e3661bb0c534
              • Opcode Fuzzy Hash: 9b32c49de9b73c7b3d663e4f9156d7bad4c61fbe09268e105b62204f8c52682a
              • Instruction Fuzzy Hash: 7290022125545102D550715C4404616C005F7E1201F55C035A2814594DC655C9696321
              Function 012E3D10 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4e2494edffcea4d5675d568f9d2ce6502a45477887ad5b8334ed2e1e94307f90
              • Instruction ID: a5dceed809d059b94700e836d13f440e404125589e19949e95d39656bbff3610
              • Opcode Fuzzy Hash: 4e2494edffcea4d5675d568f9d2ce6502a45477887ad5b8334ed2e1e94307f90
              • Instruction Fuzzy Hash: 8C90023121240142994072585804A4EC105D7E2302F95D429A2015554CCA14C9755321
              Function 012E3D70 Relevance: .0, Instructions: 4COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3eec13ad915f2e18696e833e1e52696e41189f91a6c1254616769e8cef2db6c7
              • Instruction ID: 0877f7edb873cd1bc3ea5324a1ad59437b5a32397171b1ab90912ce6da5c0d92
              • Opcode Fuzzy Hash: 3eec13ad915f2e18696e833e1e52696e41189f91a6c1254616769e8cef2db6c7
              • Instruction Fuzzy Hash: 0890023521140402D910715858046468046D7D1301F55D425A2424558DC754C9B5A221
              Function 012E2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
              • Instruction ID: 8f5d19bb350a86a451e7a8bee718e3a36a70be2f60efc23d6a66b3930f5f9659
              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
              • Instruction Fuzzy Hash:
              Function 012E2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
              • API String ID: 48624451-2108815105
              • Opcode ID: 9e22667f117e6fba2d81074240f3c76b2f06bc4b3eb7e06f16d8f05c073a31a6
              • Instruction ID: ee242c3f1ad432d0c2b3a55cb651f580d30b9c5f308c690c0513e2cc11ac3a5a
              • Opcode Fuzzy Hash: 9e22667f117e6fba2d81074240f3c76b2f06bc4b3eb7e06f16d8f05c073a31a6
              • Instruction Fuzzy Hash: E65107B6A24157FFCB15DBAC889497EFBFCBB08241B508129E59AD3641D374DE00C7A0
              Function 01352410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
              • API String ID: 48624451-2108815105
              • Opcode ID: f8fc6760348b463fab082070bb06eebfd6dcea330ccd86aba1e28e6516aa83e9
              • Instruction ID: c695d77d5f1140e464643f93737d1e6467b323b45bb90a1ec9ee5e0af85612ac
              • Opcode Fuzzy Hash: f8fc6760348b463fab082070bb06eebfd6dcea330ccd86aba1e28e6516aa83e9
              • Instruction Fuzzy Hash: 9B5117B1A00645EEDF74DF6CC890C7FFBF9EB44608B048869E9D6D7642D6B4EA008760
              Function 012D7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
              Download Yara Rule
              Strings
              • Execute=1, xrefs: 01314713
              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01314725
              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01314655
              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 013146FC
              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01314742
              • CLIENT(ntdll): Processing section info %ws..., xrefs: 01314787
              • ExecuteOptions, xrefs: 013146A0
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
              • API String ID: 0-484625025
              • Opcode ID: 7937e950abe5c9d86ea959b524c4a9835a92282829127666c52e4b44a8a8dcea
              • Instruction ID: cb475a6a4039c5c2d90dd7faf896ade641e40260fb652534e6b96ce2a4779c3f
              • Opcode Fuzzy Hash: 7937e950abe5c9d86ea959b524c4a9835a92282829127666c52e4b44a8a8dcea
              • Instruction Fuzzy Hash: E151483162021ABEEF24ABA8DC89FBD77BCEF14308F140499E605A71C0E7749A418F90
              Function 012EB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-$0$0
              • API String ID: 1302938615-699404926
              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
              • Instruction ID: be0d711f68c60a374d89dd18ff8646da46627971be59af9c9d5378301038db9f
              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
              • Instruction Fuzzy Hash: 0481E471E6524A8EEF29CF6CC8997FEBBF1AF45310F98411ADA51A7791C7308840CB61
              Function 013520E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: %%%u$[$]:%u
              • API String ID: 48624451-2819853543
              • Opcode ID: 14c94b76cbcf1efd2cbebfcefe1040b671055cf9787ecb542bcc146328fa2a6a
              • Instruction ID: 7bacea98510de94b0dcc50cb99135b1088c6b9f702dd9304cfb8e9da8f25775b
              • Opcode Fuzzy Hash: 14c94b76cbcf1efd2cbebfcefe1040b671055cf9787ecb542bcc146328fa2a6a
              • Instruction Fuzzy Hash: 24215E7AA10119ABDB50DE79DC44EFFBBF9AF54A44F44012AEE05E3201E7309A018BA5
              Function 012CF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
              Download Yara Rule
              Strings
              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 013102E7
              • RTL: Re-Waiting, xrefs: 0131031E
              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 013102BD
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
              • API String ID: 0-2474120054
              • Opcode ID: 889c662738c0a4d708c070e0805c105b48065668fb8a0b8365ce2e18c1b18237
              • Instruction ID: 56c8d5a0929173accf8ab708d4e120cad9f7ad86ed2d67fa281cff7b63383c00
              • Opcode Fuzzy Hash: 889c662738c0a4d708c070e0805c105b48065668fb8a0b8365ce2e18c1b18237
              • Instruction Fuzzy Hash: 23E1CF306247429FD729CF28C985B6ABBE1BB84718F240B2DF6A5CB2D1D774D845CB42
              Function 012DBED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
              Download Yara Rule
              Strings
              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01317B7F
              • RTL: Re-Waiting, xrefs: 01317BAC
              • RTL: Resource at %p, xrefs: 01317B8E
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 0-871070163
              • Opcode ID: b0135b3dde3a0a1a5d9e1b8fefd002da26534e3deb60dd2e0c4dc2bac246a2c6
              • Instruction ID: 66010895f81a04b090c2bae75af1d68ae44bc64d64902f358e86aee65d5158e5
              • Opcode Fuzzy Hash: b0135b3dde3a0a1a5d9e1b8fefd002da26534e3deb60dd2e0c4dc2bac246a2c6
              • Instruction Fuzzy Hash: 904114353107038FDB24DE29C851B6AB7E5FF8A714F100A2DFA96D7280DB71E4058B91
              Function 012DB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              APIs
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0131728C
              Strings
              • RTL: Re-Waiting, xrefs: 013172C1
              • RTL: Resource at %p, xrefs: 013172A3
              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01317294
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 885266447-605551621
              • Opcode ID: 1035bf24abef857f18b6b7f16abc295d16437300100f8cb223f58adc342fee5c
              • Instruction ID: 64219ff3ef8527f66f409224a699964b9f853a96133feaa4fb225c6c81ec5441
              • Opcode Fuzzy Hash: 1035bf24abef857f18b6b7f16abc295d16437300100f8cb223f58adc342fee5c
              • Instruction Fuzzy Hash: F7412335710203ABD725DE29CC41FA6B7A5FF99718F240619F955EB280DB30E80387D1
              Function 01352300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: %%%u$]:%u
              • API String ID: 48624451-3050659472
              • Opcode ID: fc58e02a3b8cce13921b3189860f46df7346d2bb31d26814c0530e968bc03816
              • Instruction ID: da3b79ca172b7486aaf8d05af2a83eebbfd8c85fa4a210bae7a1d58921d90654
              • Opcode Fuzzy Hash: fc58e02a3b8cce13921b3189860f46df7346d2bb31d26814c0530e968bc03816
              • Instruction Fuzzy Hash: EF314572A10119DFDB60DE2DDC40FAFB7F8BB54614F444559ED49E3241EB309A498BA0
              Function 012E7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-
              • API String ID: 1302938615-2137968064
              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
              • Instruction ID: 77a1e674fa0943d14e9422c9bc2371c5dc01d83dc98f6e90bb844e6383376f8e
              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
              • Instruction Fuzzy Hash: 3B91C671E202079BEF24DF6DC8996BEBBE5FF44320F98451AEA55E72C0E77089408791
              Function 012A9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: $$@
              • API String ID: 0-1194432280
              • Opcode ID: 876c969385bc9f51c435170f5342c2e4af17e3f7354496c9c903b4b320ae3986
              • Instruction ID: 472adfab9f9d37f238018908318fb0a1f6bb8891e8992644768de455e4f431b3
              • Opcode Fuzzy Hash: 876c969385bc9f51c435170f5342c2e4af17e3f7354496c9c903b4b320ae3986
              • Instruction Fuzzy Hash: 9C812C71D10269DBDB32CB54CC55BEEB7B8AB08754F0041EAEA09B7280D7705E84CFA4
              Function 0132CEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
              Download Yara Rule
              APIs
              • @_EH4_CallFilterFunc@8.LIBCMT ref: 0132CFBD
              Strings
              Memory Dump Source
              • Source File: 00000005.00000002.2630988544.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_5_2_1270000_RegSvcs.jbxd
              Similarity
              • API ID: CallFilterFunc@8
              • String ID: @$@4Cw@4Cw
              • API String ID: 4062629308-3101775584
              • Opcode ID: 5f8ccd6bebe513de477d2f99660a1bed7858d2e5167fd8288791d48d7377827a
              • Instruction ID: d6f33699c70636c2f69ccc87e408c13bdc06b7687dfa9a562ae54bf6bd9116a9
              • Opcode Fuzzy Hash: 5f8ccd6bebe513de477d2f99660a1bed7858d2e5167fd8288791d48d7377827a
              • Instruction Fuzzy Hash: 114182B1900229DFDB21EFA9C840ABDBBF8FF54744F00402AE915EB264D735D905CB61