Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
INQUIRY 2024-SP000422-B(01) INQ24-_1.exe

Overview

General Information

Sample name:INQUIRY 2024-SP000422-B(01) INQ24-_1.exe
Analysis ID:1467273
MD5:32b02b00cf70b41be019e7e456ad02ff
SHA1:01bf3a8b8237af4a24c9a801f28c7ddb3c0c0eea
SHA256:1414599021af8f143148a590ed56e6a1d0fa3eee7fa0c2eb78c32866b84a4954
Tags:exe
Infos:

Detection

FormBook
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Found potential dummy code loops (likely to delay analysis)
Machine Learning detection for sample
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2856776796.00000000014E0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000000.00000002.2856776796.00000000014E0000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2b9c0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1442f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2df33:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x169a2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.INQUIRY 2024-SP000422-B(01) INQ24-_1.exe.e30000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        0.2.INQUIRY 2024-SP000422-B(01) INQ24-_1.exe.e30000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x2e133:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x16ba2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

        Sigma Signatures

        No Sigma rule has matched

        Snort Signatures

        No Snort rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeAvira: detected
        Multi AV Scanner detection for submitted file
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeReversingLabs: Detection: 68%
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.INQUIRY 2024-SP000422-B(01) INQ24-_1.exe.e30000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.2856776796.00000000014E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
        Machine Learning detection for sample
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeJoe Sandbox ML: detected
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000003.2363076840.0000000001881000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000002.2856922715.0000000001BCE000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000003.2354866122.00000000016DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000003.2363076840.0000000001881000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000002.2856922715.0000000001BCE000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000003.2354866122.00000000016DE000.00000004.00000020.00020000.00000000.sdmp

        E-Banking Fraud

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.INQUIRY 2024-SP000422-B(01) INQ24-_1.exe.e30000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.2856776796.00000000014E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 0.2.INQUIRY 2024-SP000422-B(01) INQ24-_1.exe.e30000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000000.00000002.2856776796.00000000014E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E5C223 NtClose,0_2_00E5C223
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2B60 NtClose,LdrInitializeThunk,0_2_01AA2B60
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_01AA2DF0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_01AA2C70
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA35C0 NtCreateMutant,LdrInitializeThunk,0_2_01AA35C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA4340 NtSetContextThread,0_2_01AA4340
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA4650 NtSuspendThread,0_2_01AA4650
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2BA0 NtEnumerateValueKey,0_2_01AA2BA0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2B80 NtQueryInformationFile,0_2_01AA2B80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2BE0 NtQueryValueKey,0_2_01AA2BE0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2BF0 NtAllocateVirtualMemory,0_2_01AA2BF0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2AB0 NtWaitForSingleObject,0_2_01AA2AB0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2AF0 NtWriteFile,0_2_01AA2AF0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2AD0 NtReadFile,0_2_01AA2AD0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2DB0 NtEnumerateKey,0_2_01AA2DB0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2DD0 NtDelayExecution,0_2_01AA2DD0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2D30 NtUnmapViewOfSection,0_2_01AA2D30
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2D00 NtSetInformationFile,0_2_01AA2D00
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2D10 NtMapViewOfSection,0_2_01AA2D10
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2CA0 NtQueryInformationToken,0_2_01AA2CA0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2CF0 NtOpenProcess,0_2_01AA2CF0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2CC0 NtQueryVirtualMemory,0_2_01AA2CC0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2C00 NtQueryInformationProcess,0_2_01AA2C00
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2C60 NtCreateKey,0_2_01AA2C60
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2FA0 NtQuerySection,0_2_01AA2FA0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2FB0 NtResumeThread,0_2_01AA2FB0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2F90 NtProtectVirtualMemory,0_2_01AA2F90
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2FE0 NtCreateFile,0_2_01AA2FE0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2F30 NtCreateSection,0_2_01AA2F30
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2F60 NtCreateProcessEx,0_2_01AA2F60
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2EA0 NtAdjustPrivilegesToken,0_2_01AA2EA0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2E80 NtReadVirtualMemory,0_2_01AA2E80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2EE0 NtQueueApcThread,0_2_01AA2EE0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2E30 NtWriteVirtualMemory,0_2_01AA2E30
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA3090 NtSetValueKey,0_2_01AA3090
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA3010 NtOpenDirectoryObject,0_2_01AA3010
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA39B0 NtGetContextThread,0_2_01AA39B0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA3D10 NtOpenProcessToken,0_2_01AA3D10
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA3D70 NtOpenThread,0_2_01AA3D70
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E328500_2_00E32850
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E5E8230_2_00E5E823
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E400030_2_00E40003
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E3E2A30_2_00E3E2A3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E3E29C0_2_00E3E29C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E312500_2_00E31250
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E402230_2_00E40223
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E333000_2_00E33300
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E324400_2_00E32440
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E325F10_2_00E325F1
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E46D0E0_2_00E46D0E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E46D130_2_00E46D13
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E326000_2_00E32600
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B241A20_2_01B241A2
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B301AA0_2_01B301AA
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B281CC0_2_01B281CC
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A601000_2_01A60100
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0A1180_2_01B0A118
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF81580_2_01AF8158
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B020000_2_01B02000
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B303E60_2_01B303E6
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7E3F00_2_01A7E3F0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2A3520_2_01B2A352
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF02C00_2_01AF02C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B102740_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B305910_2_01B30591
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A705350_2_01A70535
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B1E4F60_2_01B1E4F6
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B144200_2_01B14420
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B224460_2_01B22446
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6C7C00_2_01A6C7C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A707700_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A947500_2_01A94750
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8C6E00_2_01A8C6E0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A00_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B3A9A60_2_01B3A9A6
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A869620_2_01A86962
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A568B80_2_01A568B8
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E8F00_2_01A9E8F0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A728400_2_01A72840
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7A8400_2_01A7A840
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B26BD70_2_01B26BD7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2AB400_2_01B2AB40
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6EA800_2_01A6EA80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A88DBF0_2_01A88DBF
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6ADE00_2_01A6ADE0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7AD000_2_01A7AD00
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0CD1F0_2_01B0CD1F
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10CB50_2_01B10CB5
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A60CF20_2_01A60CF2
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70C000_2_01A70C00
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AEEFA00_2_01AEEFA0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7CFE00_2_01A7CFE0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A62FC80_2_01A62FC8
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B12F300_2_01B12F30
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AB2F280_2_01AB2F28
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A90F300_2_01A90F30
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE4F400_2_01AE4F40
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2CE930_2_01B2CE93
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A82E900_2_01A82E90
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2EEDB0_2_01B2EEDB
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2EE260_2_01B2EE26
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70E590_2_01A70E59
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7B1B00_2_01A7B1B0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA516C0_2_01AA516C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5F1720_2_01A5F172
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B3B16B0_2_01B3B16B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2F0E00_2_01B2F0E0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B270E90_2_01B270E9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A770C00_2_01A770C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B1F0CC0_2_01B1F0CC
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AB739A0_2_01AB739A
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2132D0_2_01B2132D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5D34C0_2_01A5D34C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A752A00_2_01A752A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B112ED0_2_01B112ED
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8B2C00_2_01A8B2C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0D5B00_2_01B0D5B0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B395C30_2_01B395C3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B275710_2_01B27571
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2F43F0_2_01B2F43F
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A614600_2_01A61460
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2F7B00_2_01B2F7B0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B216CC0_2_01B216CC
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AB56300_2_01AB5630
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B059100_2_01B05910
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A799500_2_01A79950
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8B9500_2_01A8B950
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A738E00_2_01A738E0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADD8000_2_01ADD800
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8FB800_2_01A8FB80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AADBF90_2_01AADBF9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE5BF00_2_01AE5BF0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2FB760_2_01B2FB76
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AB5AA00_2_01AB5AA0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B11AA30_2_01B11AA3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0DAAC0_2_01B0DAAC
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B1DAC60_2_01B1DAC6
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE3A6C0_2_01AE3A6C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B27A460_2_01B27A46
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2FA490_2_01B2FA49
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8FDC00_2_01A8FDC0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B27D730_2_01B27D73
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A73D400_2_01A73D40
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B21D5A0_2_01B21D5A
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2FCF20_2_01B2FCF2
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE9C320_2_01AE9C32
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2FFB10_2_01B2FFB1
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A71F920_2_01A71F92
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A33FD20_2_01A33FD2
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A33FD50_2_01A33FD5
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2FF090_2_01B2FF09
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A79EB00_2_01A79EB0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: String function: 01AEF290 appears 105 times
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: String function: 01A5B970 appears 280 times
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: String function: 01AB7E54 appears 111 times
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: String function: 01ADEA12 appears 86 times
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: String function: 01AA5130 appears 58 times
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeStatic PE information: No import functions for PE file found
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000002.2856922715.0000000001B5D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs INQUIRY 2024-SP000422-B(01) INQ24-_1.exe
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000003.2363076840.00000000019AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs INQUIRY 2024-SP000422-B(01) INQ24-_1.exe
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000003.2354866122.0000000001801000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs INQUIRY 2024-SP000422-B(01) INQ24-_1.exe
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 0.2.INQUIRY 2024-SP000422-B(01) INQ24-_1.exe.e30000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000000.00000002.2856776796.00000000014E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeStatic PE information: Section .text
        Source: classification engineClassification label: mal84.troj.evad.winEXE@1/0@0/0
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeReversingLabs: Detection: 68%
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeSection loaded: apphelp.dllJump to behavior
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: wntdll.pdbUGP source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000003.2363076840.0000000001881000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000002.2856922715.0000000001BCE000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000003.2354866122.00000000016DE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000003.2363076840.0000000001881000.00000004.00000020.00020000.00000000.sdmp, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000002.2856922715.0000000001BCE000.00000040.00001000.00020000.00000000.sdmp, INQUIRY 2024-SP000422-B(01) INQ24-_1.exe, 00000000.00000003.2354866122.00000000016DE000.00000004.00000020.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E490A0 push esp; ret 0_2_00E490B5
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E3D99B pushad ; ret 0_2_00E3D99C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E38926 push ebx; iretd 0_2_00E3892A
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E41CAC pushfd ; retf 0_2_00E41CB8
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E41CBF push 3E557F42h; ret 0_2_00E41CC4
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E375A7 push 67C9EEB0h; retf 0_2_00E375B1
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E33570 push eax; ret 0_2_00E33572
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A3225F pushad ; ret 0_2_01A327F9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A327FA pushad ; ret 0_2_01A327F9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A609AD push ecx; mov dword ptr [esp], ecx0_2_01A609B6
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A3283D push eax; iretd 0_2_01A32858
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A31366 push eax; iretd 0_2_01A31369
        Source: INQUIRY 2024-SP000422-B(01) INQ24-_1.exeStatic PE information: section name: .text entropy: 7.99517005757836
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA096E rdtsc 0_2_01AA096E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeAPI coverage: 0.6 %
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exe TID: 4164Thread sleep time: -30000s >= -30000sJump to behavior
        Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeProcess information queried: ProcessInformationJump to behavior

        Anti Debugging

        barindex
        Found potential dummy code loops (likely to delay analysis)
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeProcess Stats: CPU usage > 42% for more than 60s
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA096E rdtsc 0_2_01AA096E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_00E47CC3 LdrLoadDll,0_2_00E47CC3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA0185 mov eax, dword ptr fs:[00000030h]0_2_01AA0185
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B04180 mov eax, dword ptr fs:[00000030h]0_2_01B04180
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B04180 mov eax, dword ptr fs:[00000030h]0_2_01B04180
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE019F mov eax, dword ptr fs:[00000030h]0_2_01AE019F
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE019F mov eax, dword ptr fs:[00000030h]0_2_01AE019F
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE019F mov eax, dword ptr fs:[00000030h]0_2_01AE019F
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE019F mov eax, dword ptr fs:[00000030h]0_2_01AE019F
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5A197 mov eax, dword ptr fs:[00000030h]0_2_01A5A197
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5A197 mov eax, dword ptr fs:[00000030h]0_2_01A5A197
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5A197 mov eax, dword ptr fs:[00000030h]0_2_01A5A197
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B1C188 mov eax, dword ptr fs:[00000030h]0_2_01B1C188
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B1C188 mov eax, dword ptr fs:[00000030h]0_2_01B1C188
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A901F8 mov eax, dword ptr fs:[00000030h]0_2_01A901F8
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B361E5 mov eax, dword ptr fs:[00000030h]0_2_01B361E5
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B261C3 mov eax, dword ptr fs:[00000030h]0_2_01B261C3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B261C3 mov eax, dword ptr fs:[00000030h]0_2_01B261C3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADE1D0 mov eax, dword ptr fs:[00000030h]0_2_01ADE1D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADE1D0 mov eax, dword ptr fs:[00000030h]0_2_01ADE1D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADE1D0 mov ecx, dword ptr fs:[00000030h]0_2_01ADE1D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADE1D0 mov eax, dword ptr fs:[00000030h]0_2_01ADE1D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADE1D0 mov eax, dword ptr fs:[00000030h]0_2_01ADE1D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A90124 mov eax, dword ptr fs:[00000030h]0_2_01A90124
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B20115 mov eax, dword ptr fs:[00000030h]0_2_01B20115
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0A118 mov ecx, dword ptr fs:[00000030h]0_2_01B0A118
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0A118 mov eax, dword ptr fs:[00000030h]0_2_01B0A118
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0A118 mov eax, dword ptr fs:[00000030h]0_2_01B0A118
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0A118 mov eax, dword ptr fs:[00000030h]0_2_01B0A118
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E10E mov eax, dword ptr fs:[00000030h]0_2_01B0E10E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E10E mov ecx, dword ptr fs:[00000030h]0_2_01B0E10E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E10E mov eax, dword ptr fs:[00000030h]0_2_01B0E10E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E10E mov eax, dword ptr fs:[00000030h]0_2_01B0E10E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E10E mov ecx, dword ptr fs:[00000030h]0_2_01B0E10E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E10E mov eax, dword ptr fs:[00000030h]0_2_01B0E10E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E10E mov eax, dword ptr fs:[00000030h]0_2_01B0E10E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E10E mov ecx, dword ptr fs:[00000030h]0_2_01B0E10E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E10E mov eax, dword ptr fs:[00000030h]0_2_01B0E10E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E10E mov ecx, dword ptr fs:[00000030h]0_2_01B0E10E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B34164 mov eax, dword ptr fs:[00000030h]0_2_01B34164
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B34164 mov eax, dword ptr fs:[00000030h]0_2_01B34164
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF4144 mov eax, dword ptr fs:[00000030h]0_2_01AF4144
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF4144 mov eax, dword ptr fs:[00000030h]0_2_01AF4144
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF4144 mov ecx, dword ptr fs:[00000030h]0_2_01AF4144
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF4144 mov eax, dword ptr fs:[00000030h]0_2_01AF4144
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF4144 mov eax, dword ptr fs:[00000030h]0_2_01AF4144
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A66154 mov eax, dword ptr fs:[00000030h]0_2_01A66154
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A66154 mov eax, dword ptr fs:[00000030h]0_2_01A66154
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5C156 mov eax, dword ptr fs:[00000030h]0_2_01A5C156
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF8158 mov eax, dword ptr fs:[00000030h]0_2_01AF8158
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A580A0 mov eax, dword ptr fs:[00000030h]0_2_01A580A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF80A8 mov eax, dword ptr fs:[00000030h]0_2_01AF80A8
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B260B8 mov eax, dword ptr fs:[00000030h]0_2_01B260B8
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B260B8 mov ecx, dword ptr fs:[00000030h]0_2_01B260B8
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6208A mov eax, dword ptr fs:[00000030h]0_2_01A6208A
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5A0E3 mov ecx, dword ptr fs:[00000030h]0_2_01A5A0E3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE60E0 mov eax, dword ptr fs:[00000030h]0_2_01AE60E0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A680E9 mov eax, dword ptr fs:[00000030h]0_2_01A680E9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5C0F0 mov eax, dword ptr fs:[00000030h]0_2_01A5C0F0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA20F0 mov ecx, dword ptr fs:[00000030h]0_2_01AA20F0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE20DE mov eax, dword ptr fs:[00000030h]0_2_01AE20DE
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5A020 mov eax, dword ptr fs:[00000030h]0_2_01A5A020
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5C020 mov eax, dword ptr fs:[00000030h]0_2_01A5C020
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF6030 mov eax, dword ptr fs:[00000030h]0_2_01AF6030
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE4000 mov ecx, dword ptr fs:[00000030h]0_2_01AE4000
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B02000 mov eax, dword ptr fs:[00000030h]0_2_01B02000
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B02000 mov eax, dword ptr fs:[00000030h]0_2_01B02000
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B02000 mov eax, dword ptr fs:[00000030h]0_2_01B02000
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B02000 mov eax, dword ptr fs:[00000030h]0_2_01B02000
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B02000 mov eax, dword ptr fs:[00000030h]0_2_01B02000
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B02000 mov eax, dword ptr fs:[00000030h]0_2_01B02000
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B02000 mov eax, dword ptr fs:[00000030h]0_2_01B02000
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B02000 mov eax, dword ptr fs:[00000030h]0_2_01B02000
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7E016 mov eax, dword ptr fs:[00000030h]0_2_01A7E016
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7E016 mov eax, dword ptr fs:[00000030h]0_2_01A7E016
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7E016 mov eax, dword ptr fs:[00000030h]0_2_01A7E016
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7E016 mov eax, dword ptr fs:[00000030h]0_2_01A7E016
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8C073 mov eax, dword ptr fs:[00000030h]0_2_01A8C073
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A62050 mov eax, dword ptr fs:[00000030h]0_2_01A62050
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE6050 mov eax, dword ptr fs:[00000030h]0_2_01AE6050
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8438F mov eax, dword ptr fs:[00000030h]0_2_01A8438F
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8438F mov eax, dword ptr fs:[00000030h]0_2_01A8438F
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5E388 mov eax, dword ptr fs:[00000030h]0_2_01A5E388
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5E388 mov eax, dword ptr fs:[00000030h]0_2_01A5E388
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5E388 mov eax, dword ptr fs:[00000030h]0_2_01A5E388
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A58397 mov eax, dword ptr fs:[00000030h]0_2_01A58397
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A58397 mov eax, dword ptr fs:[00000030h]0_2_01A58397
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A58397 mov eax, dword ptr fs:[00000030h]0_2_01A58397
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A703E9 mov eax, dword ptr fs:[00000030h]0_2_01A703E9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A703E9 mov eax, dword ptr fs:[00000030h]0_2_01A703E9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A703E9 mov eax, dword ptr fs:[00000030h]0_2_01A703E9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A703E9 mov eax, dword ptr fs:[00000030h]0_2_01A703E9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A703E9 mov eax, dword ptr fs:[00000030h]0_2_01A703E9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A703E9 mov eax, dword ptr fs:[00000030h]0_2_01A703E9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A703E9 mov eax, dword ptr fs:[00000030h]0_2_01A703E9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A703E9 mov eax, dword ptr fs:[00000030h]0_2_01A703E9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A963FF mov eax, dword ptr fs:[00000030h]0_2_01A963FF
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7E3F0 mov eax, dword ptr fs:[00000030h]0_2_01A7E3F0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7E3F0 mov eax, dword ptr fs:[00000030h]0_2_01A7E3F0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7E3F0 mov eax, dword ptr fs:[00000030h]0_2_01A7E3F0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B043D4 mov eax, dword ptr fs:[00000030h]0_2_01B043D4
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B043D4 mov eax, dword ptr fs:[00000030h]0_2_01B043D4
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A683C0 mov eax, dword ptr fs:[00000030h]0_2_01A683C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A683C0 mov eax, dword ptr fs:[00000030h]0_2_01A683C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A683C0 mov eax, dword ptr fs:[00000030h]0_2_01A683C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A683C0 mov eax, dword ptr fs:[00000030h]0_2_01A683C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A3C0 mov eax, dword ptr fs:[00000030h]0_2_01A6A3C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A3C0 mov eax, dword ptr fs:[00000030h]0_2_01A6A3C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A3C0 mov eax, dword ptr fs:[00000030h]0_2_01A6A3C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A3C0 mov eax, dword ptr fs:[00000030h]0_2_01A6A3C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A3C0 mov eax, dword ptr fs:[00000030h]0_2_01A6A3C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A3C0 mov eax, dword ptr fs:[00000030h]0_2_01A6A3C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E3DB mov eax, dword ptr fs:[00000030h]0_2_01B0E3DB
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E3DB mov eax, dword ptr fs:[00000030h]0_2_01B0E3DB
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E3DB mov ecx, dword ptr fs:[00000030h]0_2_01B0E3DB
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0E3DB mov eax, dword ptr fs:[00000030h]0_2_01B0E3DB
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE63C0 mov eax, dword ptr fs:[00000030h]0_2_01AE63C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B1C3CD mov eax, dword ptr fs:[00000030h]0_2_01B1C3CD
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B38324 mov eax, dword ptr fs:[00000030h]0_2_01B38324
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B38324 mov ecx, dword ptr fs:[00000030h]0_2_01B38324
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B38324 mov eax, dword ptr fs:[00000030h]0_2_01B38324
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B38324 mov eax, dword ptr fs:[00000030h]0_2_01B38324
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9A30B mov eax, dword ptr fs:[00000030h]0_2_01A9A30B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9A30B mov eax, dword ptr fs:[00000030h]0_2_01A9A30B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9A30B mov eax, dword ptr fs:[00000030h]0_2_01A9A30B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5C310 mov ecx, dword ptr fs:[00000030h]0_2_01A5C310
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A80310 mov ecx, dword ptr fs:[00000030h]0_2_01A80310
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0437C mov eax, dword ptr fs:[00000030h]0_2_01B0437C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2A352 mov eax, dword ptr fs:[00000030h]0_2_01B2A352
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B08350 mov ecx, dword ptr fs:[00000030h]0_2_01B08350
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE2349 mov eax, dword ptr fs:[00000030h]0_2_01AE2349
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE035C mov eax, dword ptr fs:[00000030h]0_2_01AE035C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE035C mov eax, dword ptr fs:[00000030h]0_2_01AE035C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE035C mov eax, dword ptr fs:[00000030h]0_2_01AE035C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE035C mov ecx, dword ptr fs:[00000030h]0_2_01AE035C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE035C mov eax, dword ptr fs:[00000030h]0_2_01AE035C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE035C mov eax, dword ptr fs:[00000030h]0_2_01AE035C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B3634F mov eax, dword ptr fs:[00000030h]0_2_01B3634F
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A702A0 mov eax, dword ptr fs:[00000030h]0_2_01A702A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A702A0 mov eax, dword ptr fs:[00000030h]0_2_01A702A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF62A0 mov eax, dword ptr fs:[00000030h]0_2_01AF62A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF62A0 mov ecx, dword ptr fs:[00000030h]0_2_01AF62A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF62A0 mov eax, dword ptr fs:[00000030h]0_2_01AF62A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF62A0 mov eax, dword ptr fs:[00000030h]0_2_01AF62A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF62A0 mov eax, dword ptr fs:[00000030h]0_2_01AF62A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF62A0 mov eax, dword ptr fs:[00000030h]0_2_01AF62A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE0283 mov eax, dword ptr fs:[00000030h]0_2_01AE0283
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE0283 mov eax, dword ptr fs:[00000030h]0_2_01AE0283
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE0283 mov eax, dword ptr fs:[00000030h]0_2_01AE0283
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E284 mov eax, dword ptr fs:[00000030h]0_2_01A9E284
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E284 mov eax, dword ptr fs:[00000030h]0_2_01A9E284
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A702E1 mov eax, dword ptr fs:[00000030h]0_2_01A702E1
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A702E1 mov eax, dword ptr fs:[00000030h]0_2_01A702E1
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A702E1 mov eax, dword ptr fs:[00000030h]0_2_01A702E1
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A2C3 mov eax, dword ptr fs:[00000030h]0_2_01A6A2C3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A2C3 mov eax, dword ptr fs:[00000030h]0_2_01A6A2C3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A2C3 mov eax, dword ptr fs:[00000030h]0_2_01A6A2C3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A2C3 mov eax, dword ptr fs:[00000030h]0_2_01A6A2C3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A2C3 mov eax, dword ptr fs:[00000030h]0_2_01A6A2C3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B362D6 mov eax, dword ptr fs:[00000030h]0_2_01B362D6
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5823B mov eax, dword ptr fs:[00000030h]0_2_01A5823B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10274 mov eax, dword ptr fs:[00000030h]0_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10274 mov eax, dword ptr fs:[00000030h]0_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10274 mov eax, dword ptr fs:[00000030h]0_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10274 mov eax, dword ptr fs:[00000030h]0_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10274 mov eax, dword ptr fs:[00000030h]0_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10274 mov eax, dword ptr fs:[00000030h]0_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10274 mov eax, dword ptr fs:[00000030h]0_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10274 mov eax, dword ptr fs:[00000030h]0_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10274 mov eax, dword ptr fs:[00000030h]0_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10274 mov eax, dword ptr fs:[00000030h]0_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10274 mov eax, dword ptr fs:[00000030h]0_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B10274 mov eax, dword ptr fs:[00000030h]0_2_01B10274
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A64260 mov eax, dword ptr fs:[00000030h]0_2_01A64260
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A64260 mov eax, dword ptr fs:[00000030h]0_2_01A64260
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A64260 mov eax, dword ptr fs:[00000030h]0_2_01A64260
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5826B mov eax, dword ptr fs:[00000030h]0_2_01A5826B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B1A250 mov eax, dword ptr fs:[00000030h]0_2_01B1A250
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B1A250 mov eax, dword ptr fs:[00000030h]0_2_01B1A250
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE8243 mov eax, dword ptr fs:[00000030h]0_2_01AE8243
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE8243 mov ecx, dword ptr fs:[00000030h]0_2_01AE8243
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B3625D mov eax, dword ptr fs:[00000030h]0_2_01B3625D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5A250 mov eax, dword ptr fs:[00000030h]0_2_01A5A250
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A66259 mov eax, dword ptr fs:[00000030h]0_2_01A66259
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE05A7 mov eax, dword ptr fs:[00000030h]0_2_01AE05A7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE05A7 mov eax, dword ptr fs:[00000030h]0_2_01AE05A7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE05A7 mov eax, dword ptr fs:[00000030h]0_2_01AE05A7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A845B1 mov eax, dword ptr fs:[00000030h]0_2_01A845B1
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A845B1 mov eax, dword ptr fs:[00000030h]0_2_01A845B1
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A94588 mov eax, dword ptr fs:[00000030h]0_2_01A94588
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A62582 mov eax, dword ptr fs:[00000030h]0_2_01A62582
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A62582 mov ecx, dword ptr fs:[00000030h]0_2_01A62582
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E59C mov eax, dword ptr fs:[00000030h]0_2_01A9E59C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9C5ED mov eax, dword ptr fs:[00000030h]0_2_01A9C5ED
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9C5ED mov eax, dword ptr fs:[00000030h]0_2_01A9C5ED
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A625E0 mov eax, dword ptr fs:[00000030h]0_2_01A625E0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A8E5E7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A8E5E7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A8E5E7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A8E5E7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A8E5E7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A8E5E7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A8E5E7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E5E7 mov eax, dword ptr fs:[00000030h]0_2_01A8E5E7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E5CF mov eax, dword ptr fs:[00000030h]0_2_01A9E5CF
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E5CF mov eax, dword ptr fs:[00000030h]0_2_01A9E5CF
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A665D0 mov eax, dword ptr fs:[00000030h]0_2_01A665D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9A5D0 mov eax, dword ptr fs:[00000030h]0_2_01A9A5D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9A5D0 mov eax, dword ptr fs:[00000030h]0_2_01A9A5D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70535 mov eax, dword ptr fs:[00000030h]0_2_01A70535
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70535 mov eax, dword ptr fs:[00000030h]0_2_01A70535
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70535 mov eax, dword ptr fs:[00000030h]0_2_01A70535
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70535 mov eax, dword ptr fs:[00000030h]0_2_01A70535
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70535 mov eax, dword ptr fs:[00000030h]0_2_01A70535
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70535 mov eax, dword ptr fs:[00000030h]0_2_01A70535
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E53E mov eax, dword ptr fs:[00000030h]0_2_01A8E53E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E53E mov eax, dword ptr fs:[00000030h]0_2_01A8E53E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E53E mov eax, dword ptr fs:[00000030h]0_2_01A8E53E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E53E mov eax, dword ptr fs:[00000030h]0_2_01A8E53E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E53E mov eax, dword ptr fs:[00000030h]0_2_01A8E53E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF6500 mov eax, dword ptr fs:[00000030h]0_2_01AF6500
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B34500 mov eax, dword ptr fs:[00000030h]0_2_01B34500
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B34500 mov eax, dword ptr fs:[00000030h]0_2_01B34500
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B34500 mov eax, dword ptr fs:[00000030h]0_2_01B34500
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B34500 mov eax, dword ptr fs:[00000030h]0_2_01B34500
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B34500 mov eax, dword ptr fs:[00000030h]0_2_01B34500
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B34500 mov eax, dword ptr fs:[00000030h]0_2_01B34500
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B34500 mov eax, dword ptr fs:[00000030h]0_2_01B34500
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9656A mov eax, dword ptr fs:[00000030h]0_2_01A9656A
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9656A mov eax, dword ptr fs:[00000030h]0_2_01A9656A
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9656A mov eax, dword ptr fs:[00000030h]0_2_01A9656A
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A68550 mov eax, dword ptr fs:[00000030h]0_2_01A68550
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A68550 mov eax, dword ptr fs:[00000030h]0_2_01A68550
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A664AB mov eax, dword ptr fs:[00000030h]0_2_01A664AB
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A944B0 mov ecx, dword ptr fs:[00000030h]0_2_01A944B0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AEA4B0 mov eax, dword ptr fs:[00000030h]0_2_01AEA4B0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B1A49A mov eax, dword ptr fs:[00000030h]0_2_01B1A49A
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A604E5 mov ecx, dword ptr fs:[00000030h]0_2_01A604E5
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5C427 mov eax, dword ptr fs:[00000030h]0_2_01A5C427
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5E420 mov eax, dword ptr fs:[00000030h]0_2_01A5E420
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5E420 mov eax, dword ptr fs:[00000030h]0_2_01A5E420
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5E420 mov eax, dword ptr fs:[00000030h]0_2_01A5E420
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE6420 mov eax, dword ptr fs:[00000030h]0_2_01AE6420
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE6420 mov eax, dword ptr fs:[00000030h]0_2_01AE6420
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE6420 mov eax, dword ptr fs:[00000030h]0_2_01AE6420
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE6420 mov eax, dword ptr fs:[00000030h]0_2_01AE6420
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE6420 mov eax, dword ptr fs:[00000030h]0_2_01AE6420
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE6420 mov eax, dword ptr fs:[00000030h]0_2_01AE6420
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE6420 mov eax, dword ptr fs:[00000030h]0_2_01AE6420
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9A430 mov eax, dword ptr fs:[00000030h]0_2_01A9A430
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A98402 mov eax, dword ptr fs:[00000030h]0_2_01A98402
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A98402 mov eax, dword ptr fs:[00000030h]0_2_01A98402
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A98402 mov eax, dword ptr fs:[00000030h]0_2_01A98402
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AEC460 mov ecx, dword ptr fs:[00000030h]0_2_01AEC460
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8A470 mov eax, dword ptr fs:[00000030h]0_2_01A8A470
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8A470 mov eax, dword ptr fs:[00000030h]0_2_01A8A470
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8A470 mov eax, dword ptr fs:[00000030h]0_2_01A8A470
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B1A456 mov eax, dword ptr fs:[00000030h]0_2_01B1A456
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E443 mov eax, dword ptr fs:[00000030h]0_2_01A9E443
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E443 mov eax, dword ptr fs:[00000030h]0_2_01A9E443
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E443 mov eax, dword ptr fs:[00000030h]0_2_01A9E443
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E443 mov eax, dword ptr fs:[00000030h]0_2_01A9E443
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E443 mov eax, dword ptr fs:[00000030h]0_2_01A9E443
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E443 mov eax, dword ptr fs:[00000030h]0_2_01A9E443
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E443 mov eax, dword ptr fs:[00000030h]0_2_01A9E443
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9E443 mov eax, dword ptr fs:[00000030h]0_2_01A9E443
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8245A mov eax, dword ptr fs:[00000030h]0_2_01A8245A
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5645D mov eax, dword ptr fs:[00000030h]0_2_01A5645D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A607AF mov eax, dword ptr fs:[00000030h]0_2_01A607AF
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B147A0 mov eax, dword ptr fs:[00000030h]0_2_01B147A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0678E mov eax, dword ptr fs:[00000030h]0_2_01B0678E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A827ED mov eax, dword ptr fs:[00000030h]0_2_01A827ED
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A827ED mov eax, dword ptr fs:[00000030h]0_2_01A827ED
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A827ED mov eax, dword ptr fs:[00000030h]0_2_01A827ED
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AEE7E1 mov eax, dword ptr fs:[00000030h]0_2_01AEE7E1
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A647FB mov eax, dword ptr fs:[00000030h]0_2_01A647FB
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A647FB mov eax, dword ptr fs:[00000030h]0_2_01A647FB
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6C7C0 mov eax, dword ptr fs:[00000030h]0_2_01A6C7C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE07C3 mov eax, dword ptr fs:[00000030h]0_2_01AE07C3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9C720 mov eax, dword ptr fs:[00000030h]0_2_01A9C720
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9C720 mov eax, dword ptr fs:[00000030h]0_2_01A9C720
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9273C mov eax, dword ptr fs:[00000030h]0_2_01A9273C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9273C mov ecx, dword ptr fs:[00000030h]0_2_01A9273C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9273C mov eax, dword ptr fs:[00000030h]0_2_01A9273C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADC730 mov eax, dword ptr fs:[00000030h]0_2_01ADC730
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9C700 mov eax, dword ptr fs:[00000030h]0_2_01A9C700
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A60710 mov eax, dword ptr fs:[00000030h]0_2_01A60710
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A90710 mov eax, dword ptr fs:[00000030h]0_2_01A90710
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A68770 mov eax, dword ptr fs:[00000030h]0_2_01A68770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70770 mov eax, dword ptr fs:[00000030h]0_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70770 mov eax, dword ptr fs:[00000030h]0_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70770 mov eax, dword ptr fs:[00000030h]0_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70770 mov eax, dword ptr fs:[00000030h]0_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70770 mov eax, dword ptr fs:[00000030h]0_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70770 mov eax, dword ptr fs:[00000030h]0_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70770 mov eax, dword ptr fs:[00000030h]0_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70770 mov eax, dword ptr fs:[00000030h]0_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70770 mov eax, dword ptr fs:[00000030h]0_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70770 mov eax, dword ptr fs:[00000030h]0_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70770 mov eax, dword ptr fs:[00000030h]0_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70770 mov eax, dword ptr fs:[00000030h]0_2_01A70770
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9674D mov esi, dword ptr fs:[00000030h]0_2_01A9674D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9674D mov eax, dword ptr fs:[00000030h]0_2_01A9674D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9674D mov eax, dword ptr fs:[00000030h]0_2_01A9674D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AEE75D mov eax, dword ptr fs:[00000030h]0_2_01AEE75D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A60750 mov eax, dword ptr fs:[00000030h]0_2_01A60750
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2750 mov eax, dword ptr fs:[00000030h]0_2_01AA2750
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2750 mov eax, dword ptr fs:[00000030h]0_2_01AA2750
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE4755 mov eax, dword ptr fs:[00000030h]0_2_01AE4755
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9C6A6 mov eax, dword ptr fs:[00000030h]0_2_01A9C6A6
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A966B0 mov eax, dword ptr fs:[00000030h]0_2_01A966B0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A64690 mov eax, dword ptr fs:[00000030h]0_2_01A64690
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A64690 mov eax, dword ptr fs:[00000030h]0_2_01A64690
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADE6F2 mov eax, dword ptr fs:[00000030h]0_2_01ADE6F2
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADE6F2 mov eax, dword ptr fs:[00000030h]0_2_01ADE6F2
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADE6F2 mov eax, dword ptr fs:[00000030h]0_2_01ADE6F2
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADE6F2 mov eax, dword ptr fs:[00000030h]0_2_01ADE6F2
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE06F1 mov eax, dword ptr fs:[00000030h]0_2_01AE06F1
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE06F1 mov eax, dword ptr fs:[00000030h]0_2_01AE06F1
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9A6C7 mov ebx, dword ptr fs:[00000030h]0_2_01A9A6C7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9A6C7 mov eax, dword ptr fs:[00000030h]0_2_01A9A6C7
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7E627 mov eax, dword ptr fs:[00000030h]0_2_01A7E627
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A96620 mov eax, dword ptr fs:[00000030h]0_2_01A96620
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A98620 mov eax, dword ptr fs:[00000030h]0_2_01A98620
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6262C mov eax, dword ptr fs:[00000030h]0_2_01A6262C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADE609 mov eax, dword ptr fs:[00000030h]0_2_01ADE609
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7260B mov eax, dword ptr fs:[00000030h]0_2_01A7260B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7260B mov eax, dword ptr fs:[00000030h]0_2_01A7260B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7260B mov eax, dword ptr fs:[00000030h]0_2_01A7260B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7260B mov eax, dword ptr fs:[00000030h]0_2_01A7260B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7260B mov eax, dword ptr fs:[00000030h]0_2_01A7260B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7260B mov eax, dword ptr fs:[00000030h]0_2_01A7260B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7260B mov eax, dword ptr fs:[00000030h]0_2_01A7260B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA2619 mov eax, dword ptr fs:[00000030h]0_2_01AA2619
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9A660 mov eax, dword ptr fs:[00000030h]0_2_01A9A660
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9A660 mov eax, dword ptr fs:[00000030h]0_2_01A9A660
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2866E mov eax, dword ptr fs:[00000030h]0_2_01B2866E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2866E mov eax, dword ptr fs:[00000030h]0_2_01B2866E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A92674 mov eax, dword ptr fs:[00000030h]0_2_01A92674
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A7C640 mov eax, dword ptr fs:[00000030h]0_2_01A7C640
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A729A0 mov eax, dword ptr fs:[00000030h]0_2_01A729A0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A609AD mov eax, dword ptr fs:[00000030h]0_2_01A609AD
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A609AD mov eax, dword ptr fs:[00000030h]0_2_01A609AD
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE89B3 mov esi, dword ptr fs:[00000030h]0_2_01AE89B3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE89B3 mov eax, dword ptr fs:[00000030h]0_2_01AE89B3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE89B3 mov eax, dword ptr fs:[00000030h]0_2_01AE89B3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AEE9E0 mov eax, dword ptr fs:[00000030h]0_2_01AEE9E0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A929F9 mov eax, dword ptr fs:[00000030h]0_2_01A929F9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A929F9 mov eax, dword ptr fs:[00000030h]0_2_01A929F9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2A9D3 mov eax, dword ptr fs:[00000030h]0_2_01B2A9D3
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF69C0 mov eax, dword ptr fs:[00000030h]0_2_01AF69C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A9D0 mov eax, dword ptr fs:[00000030h]0_2_01A6A9D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A9D0 mov eax, dword ptr fs:[00000030h]0_2_01A6A9D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A9D0 mov eax, dword ptr fs:[00000030h]0_2_01A6A9D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A9D0 mov eax, dword ptr fs:[00000030h]0_2_01A6A9D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A9D0 mov eax, dword ptr fs:[00000030h]0_2_01A6A9D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6A9D0 mov eax, dword ptr fs:[00000030h]0_2_01A6A9D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A949D0 mov eax, dword ptr fs:[00000030h]0_2_01A949D0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE892A mov eax, dword ptr fs:[00000030h]0_2_01AE892A
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF892B mov eax, dword ptr fs:[00000030h]0_2_01AF892B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADE908 mov eax, dword ptr fs:[00000030h]0_2_01ADE908
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADE908 mov eax, dword ptr fs:[00000030h]0_2_01ADE908
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AEC912 mov eax, dword ptr fs:[00000030h]0_2_01AEC912
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A58918 mov eax, dword ptr fs:[00000030h]0_2_01A58918
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A58918 mov eax, dword ptr fs:[00000030h]0_2_01A58918
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA096E mov eax, dword ptr fs:[00000030h]0_2_01AA096E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA096E mov edx, dword ptr fs:[00000030h]0_2_01AA096E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AA096E mov eax, dword ptr fs:[00000030h]0_2_01AA096E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B04978 mov eax, dword ptr fs:[00000030h]0_2_01B04978
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B04978 mov eax, dword ptr fs:[00000030h]0_2_01B04978
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A86962 mov eax, dword ptr fs:[00000030h]0_2_01A86962
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A86962 mov eax, dword ptr fs:[00000030h]0_2_01A86962
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A86962 mov eax, dword ptr fs:[00000030h]0_2_01A86962
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AEC97C mov eax, dword ptr fs:[00000030h]0_2_01AEC97C
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AE0946 mov eax, dword ptr fs:[00000030h]0_2_01AE0946
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B34940 mov eax, dword ptr fs:[00000030h]0_2_01B34940
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A60887 mov eax, dword ptr fs:[00000030h]0_2_01A60887
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AEC89D mov eax, dword ptr fs:[00000030h]0_2_01AEC89D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9C8F9 mov eax, dword ptr fs:[00000030h]0_2_01A9C8F9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9C8F9 mov eax, dword ptr fs:[00000030h]0_2_01A9C8F9
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2A8E4 mov eax, dword ptr fs:[00000030h]0_2_01B2A8E4
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8E8C0 mov eax, dword ptr fs:[00000030h]0_2_01A8E8C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B308C0 mov eax, dword ptr fs:[00000030h]0_2_01B308C0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0483A mov eax, dword ptr fs:[00000030h]0_2_01B0483A
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0483A mov eax, dword ptr fs:[00000030h]0_2_01B0483A
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9A830 mov eax, dword ptr fs:[00000030h]0_2_01A9A830
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A82835 mov eax, dword ptr fs:[00000030h]0_2_01A82835
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A82835 mov eax, dword ptr fs:[00000030h]0_2_01A82835
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A82835 mov eax, dword ptr fs:[00000030h]0_2_01A82835
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A82835 mov ecx, dword ptr fs:[00000030h]0_2_01A82835
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A82835 mov eax, dword ptr fs:[00000030h]0_2_01A82835
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A82835 mov eax, dword ptr fs:[00000030h]0_2_01A82835
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AEC810 mov eax, dword ptr fs:[00000030h]0_2_01AEC810
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AEE872 mov eax, dword ptr fs:[00000030h]0_2_01AEE872
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AEE872 mov eax, dword ptr fs:[00000030h]0_2_01AEE872
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF6870 mov eax, dword ptr fs:[00000030h]0_2_01AF6870
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF6870 mov eax, dword ptr fs:[00000030h]0_2_01AF6870
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A72840 mov ecx, dword ptr fs:[00000030h]0_2_01A72840
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A90854 mov eax, dword ptr fs:[00000030h]0_2_01A90854
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A64859 mov eax, dword ptr fs:[00000030h]0_2_01A64859
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A64859 mov eax, dword ptr fs:[00000030h]0_2_01A64859
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B14BB0 mov eax, dword ptr fs:[00000030h]0_2_01B14BB0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B14BB0 mov eax, dword ptr fs:[00000030h]0_2_01B14BB0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70BBE mov eax, dword ptr fs:[00000030h]0_2_01A70BBE
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A70BBE mov eax, dword ptr fs:[00000030h]0_2_01A70BBE
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8EBFC mov eax, dword ptr fs:[00000030h]0_2_01A8EBFC
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A68BF0 mov eax, dword ptr fs:[00000030h]0_2_01A68BF0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A68BF0 mov eax, dword ptr fs:[00000030h]0_2_01A68BF0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A68BF0 mov eax, dword ptr fs:[00000030h]0_2_01A68BF0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AECBF0 mov eax, dword ptr fs:[00000030h]0_2_01AECBF0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0EBD0 mov eax, dword ptr fs:[00000030h]0_2_01B0EBD0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A80BCB mov eax, dword ptr fs:[00000030h]0_2_01A80BCB
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A80BCB mov eax, dword ptr fs:[00000030h]0_2_01A80BCB
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A80BCB mov eax, dword ptr fs:[00000030h]0_2_01A80BCB
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A60BCD mov eax, dword ptr fs:[00000030h]0_2_01A60BCD
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A60BCD mov eax, dword ptr fs:[00000030h]0_2_01A60BCD
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A60BCD mov eax, dword ptr fs:[00000030h]0_2_01A60BCD
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8EB20 mov eax, dword ptr fs:[00000030h]0_2_01A8EB20
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8EB20 mov eax, dword ptr fs:[00000030h]0_2_01A8EB20
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B28B28 mov eax, dword ptr fs:[00000030h]0_2_01B28B28
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B28B28 mov eax, dword ptr fs:[00000030h]0_2_01B28B28
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADEB1D mov eax, dword ptr fs:[00000030h]0_2_01ADEB1D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADEB1D mov eax, dword ptr fs:[00000030h]0_2_01ADEB1D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADEB1D mov eax, dword ptr fs:[00000030h]0_2_01ADEB1D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADEB1D mov eax, dword ptr fs:[00000030h]0_2_01ADEB1D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADEB1D mov eax, dword ptr fs:[00000030h]0_2_01ADEB1D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADEB1D mov eax, dword ptr fs:[00000030h]0_2_01ADEB1D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADEB1D mov eax, dword ptr fs:[00000030h]0_2_01ADEB1D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADEB1D mov eax, dword ptr fs:[00000030h]0_2_01ADEB1D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01ADEB1D mov eax, dword ptr fs:[00000030h]0_2_01ADEB1D
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B34B00 mov eax, dword ptr fs:[00000030h]0_2_01B34B00
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A5CB7E mov eax, dword ptr fs:[00000030h]0_2_01A5CB7E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0EB50 mov eax, dword ptr fs:[00000030h]0_2_01B0EB50
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B32B57 mov eax, dword ptr fs:[00000030h]0_2_01B32B57
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B32B57 mov eax, dword ptr fs:[00000030h]0_2_01B32B57
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B32B57 mov eax, dword ptr fs:[00000030h]0_2_01B32B57
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B32B57 mov eax, dword ptr fs:[00000030h]0_2_01B32B57
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF6B40 mov eax, dword ptr fs:[00000030h]0_2_01AF6B40
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AF6B40 mov eax, dword ptr fs:[00000030h]0_2_01AF6B40
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B2AB40 mov eax, dword ptr fs:[00000030h]0_2_01B2AB40
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B08B42 mov eax, dword ptr fs:[00000030h]0_2_01B08B42
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A58B50 mov eax, dword ptr fs:[00000030h]0_2_01A58B50
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B14B4B mov eax, dword ptr fs:[00000030h]0_2_01B14B4B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B14B4B mov eax, dword ptr fs:[00000030h]0_2_01B14B4B
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A68AA0 mov eax, dword ptr fs:[00000030h]0_2_01A68AA0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A68AA0 mov eax, dword ptr fs:[00000030h]0_2_01A68AA0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AB6AA4 mov eax, dword ptr fs:[00000030h]0_2_01AB6AA4
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6EA80 mov eax, dword ptr fs:[00000030h]0_2_01A6EA80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6EA80 mov eax, dword ptr fs:[00000030h]0_2_01A6EA80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6EA80 mov eax, dword ptr fs:[00000030h]0_2_01A6EA80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6EA80 mov eax, dword ptr fs:[00000030h]0_2_01A6EA80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6EA80 mov eax, dword ptr fs:[00000030h]0_2_01A6EA80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6EA80 mov eax, dword ptr fs:[00000030h]0_2_01A6EA80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6EA80 mov eax, dword ptr fs:[00000030h]0_2_01A6EA80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6EA80 mov eax, dword ptr fs:[00000030h]0_2_01A6EA80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A6EA80 mov eax, dword ptr fs:[00000030h]0_2_01A6EA80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B34A80 mov eax, dword ptr fs:[00000030h]0_2_01B34A80
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A98A90 mov edx, dword ptr fs:[00000030h]0_2_01A98A90
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9AAEE mov eax, dword ptr fs:[00000030h]0_2_01A9AAEE
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9AAEE mov eax, dword ptr fs:[00000030h]0_2_01A9AAEE
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AB6ACC mov eax, dword ptr fs:[00000030h]0_2_01AB6ACC
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AB6ACC mov eax, dword ptr fs:[00000030h]0_2_01AB6ACC
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AB6ACC mov eax, dword ptr fs:[00000030h]0_2_01AB6ACC
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A60AD0 mov eax, dword ptr fs:[00000030h]0_2_01A60AD0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A94AD0 mov eax, dword ptr fs:[00000030h]0_2_01A94AD0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A94AD0 mov eax, dword ptr fs:[00000030h]0_2_01A94AD0
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A8EA2E mov eax, dword ptr fs:[00000030h]0_2_01A8EA2E
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9CA24 mov eax, dword ptr fs:[00000030h]0_2_01A9CA24
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9CA38 mov eax, dword ptr fs:[00000030h]0_2_01A9CA38
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A84A35 mov eax, dword ptr fs:[00000030h]0_2_01A84A35
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A84A35 mov eax, dword ptr fs:[00000030h]0_2_01A84A35
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01AECA11 mov eax, dword ptr fs:[00000030h]0_2_01AECA11
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9CA6F mov eax, dword ptr fs:[00000030h]0_2_01A9CA6F
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9CA6F mov eax, dword ptr fs:[00000030h]0_2_01A9CA6F
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01A9CA6F mov eax, dword ptr fs:[00000030h]0_2_01A9CA6F
        Source: C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exeCode function: 0_2_01B0EA60 mov eax, dword ptr fs:[00000030h]0_2_01B0EA60
        Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected

        Stealing of Sensitive Information

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.INQUIRY 2024-SP000422-B(01) INQ24-_1.exe.e30000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.2856776796.00000000014E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

        Remote Access Functionality

        barindex
        Yara detected FormBook
        Source: Yara matchFile source: 0.2.INQUIRY 2024-SP000422-B(01) INQ24-_1.exe.e30000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 00000000.00000002.2856776796.00000000014E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
        DLL Side-Loading        		1
        DLL Side-Loading        		121
        Virtualization/Sandbox Evasion        		OS Credential Dumping12
        Security Software Discovery        		Remote Services1
        Archive Collected Data        		1
        Encrypted Channel        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
        Software Packing        		LSASS Memory121
        Virtualization/Sandbox Evasion        		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
        Deobfuscate/Decode Files or Information        		Security Account Manager1
        Process Discovery        		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
        DLL Side-Loading        		NTDS1
        System Information Discovery        		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
        Obfuscated Files or Information        		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        INQUIRY 2024-SP000422-B(01) INQ24-_1.exe68%ReversingLabsWin32.Trojan.FormBook
        INQUIRY 2024-SP000422-B(01) INQ24-_1.exe100%AviraTR/Crypt.ZPACK.Gen
        INQUIRY 2024-SP000422-B(01) INQ24-_1.exe100%Joe Sandbox ML

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        No contacted domains info

        World Map of Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1467273
        Start date and time:2024-07-04 00:08:44 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 5m 59s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Run name:Run with higher sleep bypass
        Number of analysed new started processes analysed:5
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:INQUIRY 2024-SP000422-B(01) INQ24-_1.exe
        Detection:MAL
        Classification:mal84.troj.evad.winEXE@1/0@0/0
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 90%
        • Number of executed functions: 10
        • Number of non-executed functions: 335
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

        Warnings

        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
        • Report size exceeded maximum capacity and may have missing disassembly code.
        • VT rate limit hit for: INQUIRY 2024-SP000422-B(01) INQ24-_1.exe

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASNs

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        No created / dropped files found

        Static File Info

        General

        File type:PE32 executable (GUI) Intel 80386, for MS Windows
        Entropy (8bit):7.964808273687653
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.98%
        • DOS Executable Generic (2002/1) 0.02%
        File name:INQUIRY 2024-SP000422-B(01) INQ24-_1.exe
        File size:286'208 bytes
        MD5:32b02b00cf70b41be019e7e456ad02ff
        SHA1:01bf3a8b8237af4a24c9a801f28c7ddb3c0c0eea
        SHA256:1414599021af8f143148a590ed56e6a1d0fa3eee7fa0c2eb78c32866b84a4954
        SHA512:45e36e823ae598613549fcc86f17302942131f7a9e0286c2ed47c670e8e4a9fa7c36e9c8fa180745cbefa32cb1715496461c95f3f57aa938188ee444a4ed67af
        SSDEEP:6144:6fSmCbKXus0+oiEWOl0OQgGv6EBgbYB21xc3GUnpD:66zKes0+x+l0OZGv6EBgbYB2A3Hp
        TLSH:85542383E80DC53AE60982392A6F5B4FF4C5353BA39117F454AA60D6D65C6E8B33870F
        File Content Preview:MZER.....X.......<......(...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L...2z.X.................L...................`....@................

        File Icon

        Icon Hash:00928e8e8686b000

        Static PE Info

        General

        Entrypoint:0x4015b0
        Entrypoint Section:.text
        Digitally signed:false
        Imagebase:0x400000
        Subsystem:windows gui
        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Time Stamp:0x58007A32 [Fri Oct 14 06:24:50 2016 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:6
        OS Version Minor:0
        File Version Major:6
        File Version Minor:0
        Subsystem Version Major:6
        Subsystem Version Minor:0
        Import Hash:

        Entrypoint Preview

        Instruction
        push ebp
        mov ebp, esp
        sub esp, 00000464h
        push ebx
        push esi
        push edi
        push 00000444h
        lea eax, dword ptr [ebp-00000460h]
        push 00000000h
        push eax
        mov dword ptr [ebp-00000464h], 00000000h
        call 00007F5600E8FD8Ch
        add esp, 0Ch
        xor esi, esi
        mov eax, 0000008Ah
        mov ecx, 00000C5Dh
        mov dword ptr [ebp-14h], esi
        mov dword ptr [ebp-18h], esi
        mov dword ptr [ebp-1Ch], 00000283h
        mov dword ptr [ebp-08h], 00005C9Dh
        mov dword ptr [ebp-0Ch], 00002ABAh
        mov dword ptr [ebp-10h], 000029C3h
        mov edx, 00002FE2h
        mov dword ptr [ebp-04h], 0000006Eh
        cmp eax, 6Eh
        cmovnle eax, dword ptr [ebp-04h]
        dec edx
        jne 00007F5600E8E098h
        mov eax, F2B9D649h
        imul ecx
        add edx, ecx
        sar edx, 07h
        mov ecx, edx
        shr ecx, 1Fh
        add ecx, edx
        jne 00007F5600E8E08Dh
        call 00007F5600E8FFDBh
        mov dword ptr [ebp-000001B8h], eax
        mov ebx, 0000145Bh
        mov eax, 22B63CBFh
        imul ebx
        sar edx, 03h
        mov ebx, edx
        shr ebx, 1Fh
        add ebx, edx
        jne 00007F5600E8E08Fh
        mov ebx, 00000135h
        xor esi, esi
        nop
        inc esi
        mov eax, 92492493h
        imul esi
        add edx, esi
        sar edx, 02h
        mov eax, edx
        shr eax, 1Fh
        add eax, edx
        lea ecx, dword ptr [00000000h+eax*8]

        Rich Headers

        Programming Language:
        • [C++] VS2012 build 50727
        • [ASM] VS2012 build 50727
        • [LNK] VS2012 build 50727

        Data Directories

        NameVirtual AddressVirtual Size Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

        Sections

        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
        .text0x10000x44b740x44c001ce86ae09470073b75d5d606baaa947cFalse0.9881356534090909data7.99517005757836IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

        Network Behavior

        No network behavior found

        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:18:09:32
        Start date:03/07/2024
        Path:C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exe
        Wow64 process (32bit):true
        Commandline:"C:\Users\user\Desktop\INQUIRY 2024-SP000422-B(01) INQ24-_1.exe"
        Imagebase:0xe30000
        File size:286'208 bytes
        MD5 hash:32B02B00CF70B41BE019E7E456AD02FF
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Yara matches:
        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2856776796.00000000014E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2856776796.00000000014E0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Author: unknown
        Reputation:low
        Has exited:true

        Disassembly

        Reset < >

          Execution Graph

          Execution Coverage:0.7%
          Dynamic/Decrypted Code Coverage:6.3%
          Signature Coverage:10.5%
          Total number of Nodes:95
          Total number of Limit Nodes:8
          execution_graph 93925 e31c57 93926 e31c71 93925->93926 93926->93926 93929 e5f873 93926->93929 93932 e5de83 93929->93932 93933 e5dea9 93932->93933 93942 e37753 93933->93942 93935 e5debf 93941 e31d3a 93935->93941 93945 e4b243 93935->93945 93937 e5dede 93938 e5def3 93937->93938 93939 e5c5e3 ExitProcess 93937->93939 93956 e5c5e3 93938->93956 93939->93938 93944 e37760 93942->93944 93959 e46983 93942->93959 93944->93935 93946 e4b26f 93945->93946 93977 e4b133 93946->93977 93949 e4b29c 93954 e4b2a7 93949->93954 93983 e5c223 93949->93983 93950 e4b2d0 93950->93937 93951 e4b2b4 93951->93950 93953 e5c223 NtClose 93951->93953 93955 e4b2c6 93953->93955 93954->93937 93955->93937 93957 e5c5fd 93956->93957 93958 e5c60b ExitProcess 93957->93958 93958->93941 93960 e4699d 93959->93960 93962 e469b6 93960->93962 93963 e5cc73 93960->93963 93962->93944 93965 e5cc8d 93963->93965 93964 e5ccbc 93964->93962 93965->93964 93970 e5b843 93965->93970 93968 e5e2c3 RtlFreeHeap 93969 e5cd32 93968->93969 93969->93962 93971 e5b860 93970->93971 93974 1aa2c0a 93971->93974 93972 e5b88c 93972->93968 93975 1aa2c1f LdrInitializeThunk 93974->93975 93976 1aa2c11 93974->93976 93975->93972 93976->93972 93978 e4b14d 93977->93978 93982 e4b229 93977->93982 93986 e5b8e3 93978->93986 93981 e5c223 NtClose 93981->93982 93982->93949 93982->93951 93984 e5c23d 93983->93984 93985 e5c24e NtClose 93984->93985 93985->93954 93987 e5b900 93986->93987 93990 1aa35c0 LdrInitializeThunk 93987->93990 93988 e4b21d 93988->93981 93990->93988 93886 e5f3a3 93887 e5f3b3 93886->93887 93888 e5f3b9 93886->93888 93891 e5e3a3 93888->93891 93890 e5f3df 93894 e5c543 93891->93894 93893 e5e3be 93893->93890 93895 e5c55d 93894->93895 93896 e5c56e RtlAllocateHeap 93895->93896 93896->93893 93897 e54e83 93902 e54e9c 93897->93902 93898 e54f2f 93899 e54ee7 93905 e5e2c3 93899->93905 93902->93898 93902->93899 93903 e54f2a 93902->93903 93904 e5e2c3 RtlFreeHeap 93903->93904 93904->93898 93908 e5c593 93905->93908 93907 e54ef7 93909 e5c5ad 93908->93909 93910 e5c5be RtlFreeHeap 93909->93910 93910->93907 93911 e5f403 93912 e5e2c3 RtlFreeHeap 93911->93912 93913 e5f418 93912->93913 93991 e54af3 93992 e54b0f 93991->93992 93993 e54b37 93992->93993 93994 e54b4b 93992->93994 93995 e5c223 NtClose 93993->93995 93996 e5c223 NtClose 93994->93996 93997 e54b40 93995->93997 93998 e54b54 93996->93998 94001 e5e3e3 RtlAllocateHeap 93998->94001 94000 e54b5f 94001->94000 94002 e5b7f3 94003 e5b80d 94002->94003 94006 1aa2df0 LdrInitializeThunk 94003->94006 94004 e5b835 94006->94004 93914 e43de3 93918 e43e03 93914->93918 93916 e43e6c 93917 e43e62 93918->93916 93919 e4b513 RtlFreeHeap LdrInitializeThunk 93918->93919 93919->93917 93920 e47cc3 93921 e47ce7 93920->93921 93922 e47d23 LdrLoadDll 93921->93922 93923 e47cee 93921->93923 93922->93923 93924 1aa2b60 LdrInitializeThunk

          Executed Functions

          Function 00E47CC3 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 14 e47cc3-e47cec call e5efc3 17 e47cf2-e47d00 call e5f4e3 14->17 18 e47cee-e47cf1 14->18 21 e47d10-e47d21 call e5d973 17->21 22 e47d02-e47d0d call e5f783 17->22 27 e47d23-e47d37 LdrLoadDll 21->27 28 e47d3a-e47d3d 21->28 22->21 27->28
          APIs
          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00E47D35
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID: Load
          • String ID:
          • API String ID: 2234796835-0
          • Opcode ID: 18bceb7fcea2ff5a3d12662b36e0f20e686c3979bbdccc32aaa1e93ede2e62f3
          • Instruction ID: 9becfaaf5ddb9299dc84bb50428c17cb8f28a4350f4a8cff033bf1caa8cd0286
          • Opcode Fuzzy Hash: 18bceb7fcea2ff5a3d12662b36e0f20e686c3979bbdccc32aaa1e93ede2e62f3
          • Instruction Fuzzy Hash: CA011EB5E4420DABDB10DAA4DC42FEEB7B89B54308F1045A5ED18A7241F671EB188BA1
          Function 00E5C223 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 34 e5c223-e5c25c call e34a13 call e5d463 NtClose
          APIs
          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 00E5C257
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID: Close
          • String ID:
          • API String ID: 3535843008-0
          • Opcode ID: 88f8e969be0a740724533901f171c420176f7c6b4beef853372c7e4dc44edbfe
          • Instruction ID: 3aa558e2b87ca24c8346152f4052cd31127ff71b9acb8e12bcd654ccff1947fe
          • Opcode Fuzzy Hash: 88f8e969be0a740724533901f171c420176f7c6b4beef853372c7e4dc44edbfe
          • Instruction Fuzzy Hash: F0E086752446047BE220FA59DC45F9777ACDFC5710F008415FA09B7142D6717915C7F4
          Function 01AA2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 48 1aa2b60-1aa2b6c LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: 51199d5364d9a30384770360544c4f22e27e601116126535c349ed389caf5696
          • Instruction ID: 516fad8f8973b5e08ded22bff2f05de49959c11b1069cfc503c5b8a53ee85686
          • Opcode Fuzzy Hash: 51199d5364d9a30384770360544c4f22e27e601116126535c349ed389caf5696
          • Instruction Fuzzy Hash: A9900261202440034105715C4854656400E97E0201F56C025E1015590EC52989916625
          Function 01AA2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 50 1aa2df0-1aa2dfc LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: 92a63e4e03e30a82005f24c892bf558fd772491fddafe6658095c17382d765c6
          • Instruction ID: d6b5dab79b8193b45f683b19a756e2906322dd07e9826d3e919b054f7ee7c573
          • Opcode Fuzzy Hash: 92a63e4e03e30a82005f24c892bf558fd772491fddafe6658095c17382d765c6
          • Instruction Fuzzy Hash: AC90023120144413D111715C4944747000D97D0241F96C416A0425558ED65A8A52A621
          Function 01AA2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 49 1aa2c70-1aa2c7c LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: 2578d83fc4c8f08547e1d9a24a7c442777b456b1deb658a0c31ec05914670713
          • Instruction ID: b11570d50262cc22ecf404229f83eef9ae5790234841e5726e58075479727710
          • Opcode Fuzzy Hash: 2578d83fc4c8f08547e1d9a24a7c442777b456b1deb658a0c31ec05914670713
          • Instruction Fuzzy Hash: 989002312014C802D110715C884478A000D97D0301F5AC415A4425658EC69989917621
          Function 01AA35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 51 1aa35c0-1aa35cc LdrInitializeThunk
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: 49e1e400a5e76c1ae5a173aefa72c44ca7e9fcc1996549fdd10d553b4d450767
          • Instruction ID: b93589c0df8f3c3ae03cb57799661316a0061c4450e7c4e6cb6a8caa9f10eec2
          • Opcode Fuzzy Hash: 49e1e400a5e76c1ae5a173aefa72c44ca7e9fcc1996549fdd10d553b4d450767
          • Instruction Fuzzy Hash: 4390023160554402D100715C4954746100D97D0201F66C415A0425568EC7998A516AA2
          Function 00E5C593 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 9 e5c593-e5c5d4 call e34a13 call e5d463 RtlFreeHeap
          APIs
          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,F08BFF8B,00000007,00000000,00000004,00000000,00E47541,000000F4), ref: 00E5C5CF
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID: FreeHeap
          • String ID: Au
          • API String ID: 3298025750-2338536593
          • Opcode ID: 6e75c12ba05ba5d92cf646aaa4e3418c379a6945ddf84ebed5b32d66f5cf4077
          • Instruction ID: 6a9e57958fe8e2c61a8381d3ddee6ea8d355a961d86d6a4738758be948d4d767
          • Opcode Fuzzy Hash: 6e75c12ba05ba5d92cf646aaa4e3418c379a6945ddf84ebed5b32d66f5cf4077
          • Instruction Fuzzy Hash: 5AE06DB22042047BD610EE58DC45F9B7BECDF84710F004409FA09A7241D670B914C7B4
          Function 00E5C543 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 29 e5c543-e5c584 call e34a13 call e5d463 RtlAllocateHeap
          APIs
          • RtlAllocateHeap.NTDLL(?,00E4E6BE,?,?,00000000,?,00E4E6BE,?,?,?), ref: 00E5C57F
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID: AllocateHeap
          • String ID:
          • API String ID: 1279760036-0
          • Opcode ID: 1ac87302f398523e53a98886c5e2109ef933be91286e9a28aac5c936b029078d
          • Instruction ID: 8a6fb245d1c161cb4279409137fbf4fd2bb88283f7778e35b7bfb3b18e6ed799
          • Opcode Fuzzy Hash: 1ac87302f398523e53a98886c5e2109ef933be91286e9a28aac5c936b029078d
          • Instruction Fuzzy Hash: ACE06DB12142447BD610EE58DC45FDB77ACEF88710F404418F918B7281D670B914C7B4
          Function 00E5C5E3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 39 e5c5e3-e5c619 call e34a13 call e5d463 ExitProcess
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID: ExitProcess
          • String ID:
          • API String ID: 621844428-0
          • Opcode ID: b0780d5cf3901fc2830cf11b6808de9bf9c1d8c93a60c6f488dc01339e3acd59
          • Instruction ID: a36179b6761524e92306bb3069f6980f5fd31dd23db52c30005a0841d10225fd
          • Opcode Fuzzy Hash: b0780d5cf3901fc2830cf11b6808de9bf9c1d8c93a60c6f488dc01339e3acd59
          • Instruction Fuzzy Hash: B9E046762042047BD220EA5AEC41F9BB7ACDBC5B10F004415FA08BB282CA70B90587F4
          Function 01AA2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
          Download Yara Rule

          Control-flow Graph

          • Executed
          • Not Executed
          control_flow_graph 44 1aa2c0a-1aa2c0f 45 1aa2c1f-1aa2c26 LdrInitializeThunk 44->45 46 1aa2c11-1aa2c18 44->46
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: e3e04a06e83998eaa04d132c90ab992e991e3d7d7474bb3d85c1986ff357a2b1
          • Instruction ID: d4ffcd19d5c45a532a700841eb0aa43a0fe07300d5744c6dcf5f0e090cb72b69
          • Opcode Fuzzy Hash: e3e04a06e83998eaa04d132c90ab992e991e3d7d7474bb3d85c1986ff357a2b1
          • Instruction Fuzzy Hash: 7EB09B719015C5C5DA11E7644A08717790477D0701F56C076D2030741F473CC5D1E675

          Non-executed Functions

          Function 01AE2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
          • API String ID: 0-2160512332
          • Opcode ID: 7af523a3e6d1666c0c9a1a45316b5dc24bcab8299ab64f18521b8e4ce3184288
          • Instruction ID: b5fe8a7a7ee7681a8acfa80da38072b0a77acae25c773856942a2656193126dd
          • Opcode Fuzzy Hash: 7af523a3e6d1666c0c9a1a45316b5dc24bcab8299ab64f18521b8e4ce3184288
          • Instruction Fuzzy Hash: AD927E71604342AFE725DF28C888B6BBBE8BF84754F04492EFA95D7251D770E844CB92
          Function 01A568B8 Relevance: 19.0, Strings: 15, Instructions: 249COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
          • API String ID: 0-3089669407
          • Opcode ID: af61712b028098a547f36f70f45650d6453de5dbf04141ab1457b78ae02ccc2f
          • Instruction ID: 9d3dbc89584aee6a525e926b1d4a4c2d268d9e902a3c80973175f91c79ff44d7
          • Opcode Fuzzy Hash: af61712b028098a547f36f70f45650d6453de5dbf04141ab1457b78ae02ccc2f
          • Instruction Fuzzy Hash: CB810CB2D41219BF9B22EBA4DEC0EEE77BDAB18654B454422FA01F7114E730DD058BA0
          Function 01B05910 Relevance: 18.5, Strings: 14, Instructions: 963COMMON
          Download Yara Rule
          Strings
          • PreferredUILanguagesPending, xrefs: 01B061D2
          • Control Panel\Desktop, xrefs: 01B0615E
          • PreferredUILanguages, xrefs: 01B063D1
          • InstallLanguageFallback, xrefs: 01B06050
          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 01B05A84
          • @, xrefs: 01B0647A
          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01B0635D
          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 01B05FE1
          • @, xrefs: 01B06277
          • LanguageConfigurationPending, xrefs: 01B06221
          • @, xrefs: 01B061B0
          • @, xrefs: 01B06027
          • LanguageConfiguration, xrefs: 01B06420
          • @, xrefs: 01B063A0
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
          • API String ID: 0-1325123933
          • Opcode ID: fec3794fecb62b80ae24df05e46c4fa316ce19bca57761323f8648b47d741585
          • Instruction ID: e9555c92755d6fbfc66a8d1ba22d6f94482d1407bf18bd70902fe82900b73706
          • Opcode Fuzzy Hash: fec3794fecb62b80ae24df05e46c4fa316ce19bca57761323f8648b47d741585
          • Instruction Fuzzy Hash: BA7269715083419FD72ADF28C890B6BBBE9FB88710F44496EFA85D7290E734D845CB92
          Function 01A98620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
          Download Yara Rule
          Strings
          • double initialized or corrupted critical section, xrefs: 01AD5508
          • Invalid debug info address of this critical section, xrefs: 01AD54B6
          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AD540A, 01AD5496, 01AD5519
          • corrupted critical section, xrefs: 01AD54C2
          • Critical section address., xrefs: 01AD5502
          • Address of the debug info found in the active list., xrefs: 01AD54AE, 01AD54FA
          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AD54CE
          • Thread is in a state in which it cannot own a critical section, xrefs: 01AD5543
          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AD54E2
          • Critical section debug info address, xrefs: 01AD541F, 01AD552E
          • Thread identifier, xrefs: 01AD553A
          • Critical section address, xrefs: 01AD5425, 01AD54BC, 01AD5534
          • undeleted critical section in freed memory, xrefs: 01AD542B
          • 8, xrefs: 01AD52E3
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
          • API String ID: 0-2368682639
          • Opcode ID: ca6e0d9efc446b1607634c4dd872d2093bac1747a2b582fb733b350baf7248cc
          • Instruction ID: abbd360a00bb93e103f26254a84686937aa6b687b1dd29b008802c21cff2b631
          • Opcode Fuzzy Hash: ca6e0d9efc446b1607634c4dd872d2093bac1747a2b582fb733b350baf7248cc
          • Instruction Fuzzy Hash: 73818AB1E40748BFDB20CF99C944BAEBBF5BB48B14F144119F606BB241D779A940CB90
          Function 01A929F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
          Download Yara Rule
          Strings
          • @, xrefs: 01AD259B
          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01AD2506
          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01AD2412
          • RtlpResolveAssemblyStorageMapEntry, xrefs: 01AD261F
          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01AD2624
          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01AD25EB
          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01AD22E4
          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01AD2409
          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01AD2602
          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01AD24C0
          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01AD2498
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
          • API String ID: 0-4009184096
          • Opcode ID: 5e9e64f9aeca1a4b0940105dde84cc5284bbf4b057eab5a8d012faa0028bd740
          • Instruction ID: c7f7931401e26aacf3c2d5fd552d9cdf5ac27310bea460a5373ddd4ea16925c2
          • Opcode Fuzzy Hash: 5e9e64f9aeca1a4b0940105dde84cc5284bbf4b057eab5a8d012faa0028bd740
          • Instruction Fuzzy Hash: 85025EF1D00669ABDF21DB54CD80BEAB7B8AF54304F4441EAE609A7241EB709EC4CF59
          Function 01A90F30 Relevance: 13.3, Strings: 10, Instructions: 764COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
          • API String ID: 0-360209818
          • Opcode ID: f194a54c8b699ca0d7ac821eb5591a3b25f1281c7c3f3f2302391e1533379e98
          • Instruction ID: 2f8fef44a70e925fbbb4bd53ab9935e80baec31d2e5c4b071be3a3f898637547
          • Opcode Fuzzy Hash: f194a54c8b699ca0d7ac821eb5591a3b25f1281c7c3f3f2302391e1533379e98
          • Instruction Fuzzy Hash: FF62A1B5E006299FEB24CF18C8417A9B7B6FF95320F5982DAD54AAB240D7325ED1CF40
          Function 01B08B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
          • API String ID: 0-2515994595
          • Opcode ID: 8f5cdee2cca9f0e979939582b8c4f99aa7a8532c519657bf6232cf5dc4130c32
          • Instruction ID: 3f08fd247755bd18ee4f2d9d4b2c13aa188552d7afd6a2721db0ce785712de65
          • Opcode Fuzzy Hash: 8f5cdee2cca9f0e979939582b8c4f99aa7a8532c519657bf6232cf5dc4130c32
          • Instruction Fuzzy Hash: EA51ACB1904305ABC72BCF588944BABBBE8EF94350F144A5EF99983290E770D644CB92
          Function 01B112ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
          • API String ID: 0-3591852110
          • Opcode ID: fdf620e6d0d4aee390d5ec6c4cd5bbaac3020b983e0121bf76e606c0ef3c2c21
          • Instruction ID: 75c1cca28d6b58c5700f173b1f9be4616d84b583d665f0047636b38cbb1908f8
          • Opcode Fuzzy Hash: fdf620e6d0d4aee390d5ec6c4cd5bbaac3020b983e0121bf76e606c0ef3c2c21
          • Instruction Fuzzy Hash: 0F12B070604642EFD7298F7DC441BBABBF1FF09714F5A8499EA868B649D734E880CB50
          Function 01A7AD00 Relevance: 11.8, Strings: 9, Instructions: 509COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
          • API String ID: 0-3197712848
          • Opcode ID: 64d0b46027f9287c262e2c07f8bd8968122b67f774f64e6e4faa844b543d7cb5
          • Instruction ID: 57a14cc656d079b098ec0c75099fd0dfe0cd763f50aaba17db95d8694cc759e9
          • Opcode Fuzzy Hash: 64d0b46027f9287c262e2c07f8bd8968122b67f774f64e6e4faa844b543d7cb5
          • Instruction Fuzzy Hash: 9112F2B16083429FD725DF28C940BAEB7E5BF84B14F08491DF9898B291E734DA45CB62
          Function 01A5D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
          • API String ID: 0-3532704233
          • Opcode ID: 38cc9e231b6c96961975e18cb68d6b037181536476083b3252e15b569b705f2b
          • Instruction ID: 908cdd026ae597131746bd0ed2808f4701d04d093d432ad5743e3df9d81b1f21
          • Opcode Fuzzy Hash: 38cc9e231b6c96961975e18cb68d6b037181536476083b3252e15b569b705f2b
          • Instruction Fuzzy Hash: 75B1AC7250C3429FD762DFA8C480B6BBBE8BB88754F05492EF989D7201D730D9458B92
          Function 01B10CB5 Relevance: 10.4, Strings: 8, Instructions: 402COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
          • API String ID: 0-1357697941
          • Opcode ID: ff0b9f1c7e4edaaa84eda7a9e0fc5f93c13ff0072eb58d85c58fa7d4a326b023
          • Instruction ID: f78eafc71fc738cff7681527fa52459ae551f8f661988e9bcd91d0f0a0085380
          • Opcode Fuzzy Hash: ff0b9f1c7e4edaaa84eda7a9e0fc5f93c13ff0072eb58d85c58fa7d4a326b023
          • Instruction Fuzzy Hash: 93F11631A04646EFDB29EF6DC041BBABBF5FF09704F868099FA8197245C730A985CB50
          Function 01B10274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
          • API String ID: 0-1700792311
          • Opcode ID: 18740c963c0f3f59991f199f359dc226f59bfb757ead9563ed528318b09d7f30
          • Instruction ID: e9d1253565ed16ad4c3e0ca33bd5824103d0e5651370cc3b23032b00f1ff79f2
          • Opcode Fuzzy Hash: 18740c963c0f3f59991f199f359dc226f59bfb757ead9563ed528318b09d7f30
          • Instruction Fuzzy Hash: 46D1E331504785EFDB2AEFA8C441AADBBF1FF5A700F8A8099F8459B256D73499C0CB50
          Function 01AE89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
          Download Yara Rule
          Strings
          • VerifierDlls, xrefs: 01AE8CBD
          • AVRF: -*- final list of providers -*- , xrefs: 01AE8B8F
          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01AE8A67
          • HandleTraces, xrefs: 01AE8C8F
          • VerifierDebug, xrefs: 01AE8CA5
          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01AE8A3D
          • VerifierFlags, xrefs: 01AE8C50
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
          • API String ID: 0-3223716464
          • Opcode ID: 98f88915a0de81f930f0b80e900c17146cf609f7cf346648bc8c41969bb819b6
          • Instruction ID: 1de3a93fc61798b0fba4fdff930ad245314088f399ae9782bd700b2df1af8239
          • Opcode Fuzzy Hash: 98f88915a0de81f930f0b80e900c17146cf609f7cf346648bc8c41969bb819b6
          • Instruction Fuzzy Hash: 09914672645702EFDB31EF28C988B6BB7E8EB94714F050458FA456B250C779EC04C792
          Function 01A6EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
          • API String ID: 0-1109411897
          • Opcode ID: 5288c644befd53dea0d9fc6eabd3e029938a074b4d55d3bdd2605f2553455c10
          • Instruction ID: fda486111d0e4a4496f7e8624a6af60ef402c01d4a5f9286a4cb788c05e36da1
          • Opcode Fuzzy Hash: 5288c644befd53dea0d9fc6eabd3e029938a074b4d55d3bdd2605f2553455c10
          • Instruction Fuzzy Hash: 65A25A74A0562ACFDF64CF28CDA87A9BBB5AF49704F1442E9D90DA7251DB309E84CF04
          Function 01A5F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-523794902
          • Opcode ID: 2d62d42d35be9b648189644f5ea1658d04c8c0d5271802e968ec724da056468b
          • Instruction ID: 48707c980f06d33853d939199ca543e73d180228558d53eb3f42311ce13484d3
          • Opcode Fuzzy Hash: 2d62d42d35be9b648189644f5ea1658d04c8c0d5271802e968ec724da056468b
          • Instruction Fuzzy Hash: 1242EC712083829FD755DF28C984BAABBE9FF88204F18496DF896CB352D730D945CB52
          Function 01A6ADE0 Relevance: 8.1, Strings: 6, Instructions: 573COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
          • API String ID: 0-4098886588
          • Opcode ID: 81065d1420cdb23e5018ec205a5cce7d22e0466ee6c421d471bdb0c56fd519a5
          • Instruction ID: 352b9a88fe704345be193ef691d10833193e57543cea367b998e58bc4e5c6a2f
          • Opcode Fuzzy Hash: 81065d1420cdb23e5018ec205a5cce7d22e0466ee6c421d471bdb0c56fd519a5
          • Instruction Fuzzy Hash: 6F32A071A00269DBDF22CF18CC98BEEBBB9BF44740F1440EAE949A7251D7319E818F50
          Function 01A7B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
          • API String ID: 0-122214566
          • Opcode ID: dcd3ce430dbc86fc40fd8d53e34cb1d2e474358fd09fe11e201c29fb04870dc8
          • Instruction ID: 512f41f85ef26a391f153c515e671d00f27e4754bfc2fc8eeee919a6549492cb
          • Opcode Fuzzy Hash: dcd3ce430dbc86fc40fd8d53e34cb1d2e474358fd09fe11e201c29fb04870dc8
          • Instruction Fuzzy Hash: 1CC13EB1A00216ABDB259F68CC81B7FBBB5BF45710F18406DED019B692D774DE84C3A1
          Function 01A963FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
          • API String ID: 0-792281065
          • Opcode ID: 9d324750a16ee6fcdcb44bd9612ac633a9346c364a2bcd23c88e0e5abe4a294a
          • Instruction ID: 5fa6601742b4691de56a6c59bebae1a47c0a917e9170c13b877c2f5d40a6896c
          • Opcode Fuzzy Hash: 9d324750a16ee6fcdcb44bd9612ac633a9346c364a2bcd23c88e0e5abe4a294a
          • Instruction Fuzzy Hash: BC916931B007169BEF35DF68DA44BAE7BF1BF84B24F040129E9066B682D7749841CBD0
          Function 01A5645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
          Download Yara Rule
          Strings
          • minkernel\ntdll\ldrinit.c, xrefs: 01AB9A11, 01AB9A3A
          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01AB9A2A
          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 01AB99ED
          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01AB9A01
          • apphelp.dll, xrefs: 01A56496
          • LdrpInitShimEngine, xrefs: 01AB99F4, 01AB9A07, 01AB9A30
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
          • API String ID: 0-204845295
          • Opcode ID: ad521609c45686c05a990c7e397b3eb5312111b1a42fc57ed4803af4fdba1e68
          • Instruction ID: 8e3945e7d4b361db540d26c4c03943965ec6a8b852194b717fa26c52e3839e53
          • Opcode Fuzzy Hash: ad521609c45686c05a990c7e397b3eb5312111b1a42fc57ed4803af4fdba1e68
          • Instruction Fuzzy Hash: 5251C3B1248345AFE721DF24D981FAB7BE8FB84748F44051EFA8997261D730E905CB92
          Function 01A9C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
          Download Yara Rule
          Strings
          • minkernel\ntdll\ldrredirect.c, xrefs: 01AD8181, 01AD81F5
          • Loading import redirection DLL: '%wZ', xrefs: 01AD8170
          • Unable to build import redirection Table, Status = 0x%x, xrefs: 01AD81E5
          • minkernel\ntdll\ldrinit.c, xrefs: 01A9C6C3
          • LdrpInitializeProcess, xrefs: 01A9C6C4
          • LdrpInitializeImportRedirection, xrefs: 01AD8177, 01AD81EB
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
          • API String ID: 0-475462383
          • Opcode ID: 73056537fbf072b5784d3c5bbaf4a05dc1d6b239e178d16ed32d16ecb5ddd78e
          • Instruction ID: 193b00a42bc007070c28ef811009f2fee72e9a414c14f6b3eaed31064d83c907
          • Opcode Fuzzy Hash: 73056537fbf072b5784d3c5bbaf4a05dc1d6b239e178d16ed32d16ecb5ddd78e
          • Instruction Fuzzy Hash: EA31E471644706AFC724EF29DE46E2AB7E4BFD4B20F040558F945AB291E760EC04CBE2
          Function 01A92674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
          Download Yara Rule
          Strings
          • RtlGetAssemblyStorageRoot, xrefs: 01AD2160, 01AD219A, 01AD21BA
          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01AD2178
          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01AD21BF
          • SXS: %s() passed the empty activation context, xrefs: 01AD2165
          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01AD2180
          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01AD219F
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
          • API String ID: 0-861424205
          • Opcode ID: a55a242c3381316094ccc45969af7b86442841610ff73dc13bd36e3e08b37f00
          • Instruction ID: 81066a035b9212d649199857c19d3c346548a53ff81ecc15b5a230e73078b8dc
          • Opcode Fuzzy Hash: a55a242c3381316094ccc45969af7b86442841610ff73dc13bd36e3e08b37f00
          • Instruction Fuzzy Hash: EF31E736B403157BFB218AAA8C45F5E7AB8EB95A50F09405AFB05BB140D7709A40C6A1
          Function 01A79950 Relevance: 6.7, Strings: 5, Instructions: 462COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
          • API String ID: 0-3393094623
          • Opcode ID: c995cbff54c996020c9bda9c9b03fb75c6efd7b3a477a6bd2a26f2493f239ce2
          • Instruction ID: 0878b2f5baad86edb0c78c9b964268a518879b731f6f2cac3829efb47284b65a
          • Opcode Fuzzy Hash: c995cbff54c996020c9bda9c9b03fb75c6efd7b3a477a6bd2a26f2493f239ce2
          • Instruction Fuzzy Hash: 63026C71508341CFD721CF68C980B6BBBF5BF88B68F44891EE99987251E770DA44CB92
          Function 01AA096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
          Download Yara Rule
          APIs
            • Part of subcall function 01AA2DF0: LdrInitializeThunk.NTDLL ref: 01AA2DFA
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AA0BA3
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AA0BB6
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AA0D60
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AA0D74
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
          • String ID:
          • API String ID: 1404860816-0
          • Opcode ID: b0a7204af374cfe5d82a8612799508317fc98334169772840c467723652ba166
          • Instruction ID: bf393f32e5113c997fac506d089204b1697f0eeb3cf096f3f6339b02eeb6d584
          • Opcode Fuzzy Hash: b0a7204af374cfe5d82a8612799508317fc98334169772840c467723652ba166
          • Instruction Fuzzy Hash: 52426C71900715DFDB21CF28C980BAAB7F4BF04314F5445AAE99AEB241E770EA85CF61
          Function 01AE4F40 Relevance: 6.5, Strings: 5, Instructions: 246COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
          • API String ID: 0-2518169356
          • Opcode ID: 6aa26a42df1888a383d05cbe5e318be238ed871c99df33aab530fd51caa5435c
          • Instruction ID: 794d3ce26320b816c6c7064438a9be1888a92b5c0573de3c77e8879a31c2cd61
          • Opcode Fuzzy Hash: 6aa26a42df1888a383d05cbe5e318be238ed871c99df33aab530fd51caa5435c
          • Instruction Fuzzy Hash: 4091DF76D0061A8FCB21CF9CC884AAEBBF4EF48714F594169E911E7350D735DA01CB90
          Function 01A770C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
          • API String ID: 0-3178619729
          • Opcode ID: 267e8ac305faa08ee62fcfa40c1af7f377e3d803fd604d398fbf739d24510767
          • Instruction ID: e9f4354ecde7a7e96386263bef07ce3adfb7fe586d9898e3748dd0a7d72a671a
          • Opcode Fuzzy Hash: 267e8ac305faa08ee62fcfa40c1af7f377e3d803fd604d398fbf739d24510767
          • Instruction Fuzzy Hash: 7C13C170A00255DFDB25CF68C8887A9FBF1FF49304F1881A9D959AB386D734AA45CF90
          Function 01A7A840 Relevance: 5.4, Strings: 4, Instructions: 358COMMON
          Download Yara Rule
          Strings
          • SsHd, xrefs: 01A7A885
          • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01AC7D39
          • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01AC7D56
          • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01AC7D03
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
          • API String ID: 0-2905229100
          • Opcode ID: d5168f9fc0186e0fe9aa550140e6fbeae7fde03bedac04865a498f9cf48a8097
          • Instruction ID: e2074c3217aa68919438ee404a92678d79241f5a3a51281b5ece41996d9e4805
          • Opcode Fuzzy Hash: d5168f9fc0186e0fe9aa550140e6fbeae7fde03bedac04865a498f9cf48a8097
          • Instruction Fuzzy Hash: 7FD1A236A00215EFDF25DFA8C9C06ADBBB1FF48710F19406AE945AB341D3319A51CFA0
          Function 01A6A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
          • API String ID: 0-379654539
          • Opcode ID: 455b4e5d05e0632db2849c20f0413719609d1a7573a3ecb68b7891f1cb7b11b2
          • Instruction ID: db89ebc49e0e9e63393796017f44faee1e119cd94cea2ede11689f5eccec38f7
          • Opcode Fuzzy Hash: 455b4e5d05e0632db2849c20f0413719609d1a7573a3ecb68b7891f1cb7b11b2
          • Instruction Fuzzy Hash: F8C17974108382CFD711CF68C544B6AB7F8BF84704F08896EF996AB252E734DA49CB56
          Function 01A98402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
          Download Yara Rule
          Strings
          • LdrpInitializeProcess, xrefs: 01A98422
          • minkernel\ntdll\ldrinit.c, xrefs: 01A98421
          • @, xrefs: 01A98591
          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01A9855E
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
          • API String ID: 0-1918872054
          • Opcode ID: b7a77c1305cf52476b849b419184044c3cd999414db2b7388a7bc4a0c3972ab1
          • Instruction ID: 5f767e4e9d87e8a918126360807dce034b0f2e565ec78e58c2252e8fc341e6e7
          • Opcode Fuzzy Hash: b7a77c1305cf52476b849b419184044c3cd999414db2b7388a7bc4a0c3972ab1
          • Instruction Fuzzy Hash: C6918A71508349AFEB21EF65CD40FABBBE8BF85744F40492EFA8592151E334D948CB62
          Function 01A70C00 Relevance: 5.3, Strings: 4, Instructions: 260COMMON
          Download Yara Rule
          Strings
          • HEAP[%wZ]: , xrefs: 01AC54D1, 01AC5592
          • HEAP: , xrefs: 01AC54E0, 01AC55A1
          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 01AC54ED
          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01AC55AE
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
          • API String ID: 0-1657114761
          • Opcode ID: 1b9e73c7a40e9677cae6b28ec8ed283abd00bcd46d60218bc50cdd0b3337ea16
          • Instruction ID: 86f34ab2de73d7f1aaab0e062fe8eb0dbf037c8548ba8a6a5e2777c6bd4dee7c
          • Opcode Fuzzy Hash: 1b9e73c7a40e9677cae6b28ec8ed283abd00bcd46d60218bc50cdd0b3337ea16
          • Instruction Fuzzy Hash: E8A1D170A043069FDB25CF28CA40BBABBF1BF56700F18856DF496CB682D734AA44C791
          Function 01A9273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
          Download Yara Rule
          Strings
          • .Local, xrefs: 01A928D8
          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01AD22B6
          • SXS: %s() passed the empty activation context, xrefs: 01AD21DE
          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01AD21D9, 01AD22B1
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
          • API String ID: 0-1239276146
          • Opcode ID: e22f659671e21d3b43de34e2df01b91cf3e35e1903b8d8ab06859d87ce754d41
          • Instruction ID: 885f187259165f44da3b253714fedce987344a490cb31deb9d0c8b9481d6d94a
          • Opcode Fuzzy Hash: e22f659671e21d3b43de34e2df01b91cf3e35e1903b8d8ab06859d87ce754d41
          • Instruction Fuzzy Hash: 4EA18D31940229ABDF25CF68DC84BA9B7B1BF58354F1545EAE909EB251D7309EC0CF90
          Function 01A94AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
          Download Yara Rule
          Strings
          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01AD3456
          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01AD342A
          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01AD3437
          • RtlDeactivateActivationContext, xrefs: 01AD3425, 01AD3432, 01AD3451
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
          • API String ID: 0-1245972979
          • Opcode ID: 6957572b5096df5ff0a9b8a5804303b10a13be243bffc8b62bb780f33e84aef2
          • Instruction ID: 267e217db01974a5f0470b04b7585a07604be6adb7ecf54a0498196cde1c25b3
          • Opcode Fuzzy Hash: 6957572b5096df5ff0a9b8a5804303b10a13be243bffc8b62bb780f33e84aef2
          • Instruction Fuzzy Hash: 2D6136B6600B129FDB22CF1DC941B3AB7E5FF84B51F18851DE8569B241D738E842CB92
          Function 01A664AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
          Download Yara Rule
          Strings
          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01AC106B
          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01AC10AE
          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01AC0FE5
          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01AC1028
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
          • API String ID: 0-1468400865
          • Opcode ID: 33a5ea51b5683b620d0a03eb604c7a7601039a49661720814ae5e0a9757edfc9
          • Instruction ID: b7644626e370909a39066b84f4fdb9046630c83e05d60ed87d9ae812b6e15125
          • Opcode Fuzzy Hash: 33a5ea51b5683b620d0a03eb604c7a7601039a49661720814ae5e0a9757edfc9
          • Instruction Fuzzy Hash: 8971CEB1904346AFCB21DF28C985B9B7FACEF95764F440468F9488B286D734D588CBD2
          Function 01A8245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
          Download Yara Rule
          Strings
          • minkernel\ntdll\ldrinit.c, xrefs: 01ACA9A2
          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01ACA992
          • LdrpDynamicShimModule, xrefs: 01ACA998
          • apphelp.dll, xrefs: 01A82462
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
          • API String ID: 0-176724104
          • Opcode ID: 20fdd66bb3b2c55344efbf7d2fc814d2ce206fe35a72e71693ea116d2741eadd
          • Instruction ID: a837f3db9d5738b9de851b45d5170b9c248df55f5d84dbee5fafcf5898f58638
          • Opcode Fuzzy Hash: 20fdd66bb3b2c55344efbf7d2fc814d2ce206fe35a72e71693ea116d2741eadd
          • Instruction Fuzzy Hash: EE316872A00305EBDB35AF5DD985FBABBB4FB84B04F15001EE900A7255E7705881CB90
          Function 01A729A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
          Download Yara Rule
          Strings
          • HEAP[%wZ]: , xrefs: 01A73255
          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 01A7327D
          • HEAP: , xrefs: 01A73264
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
          • API String ID: 0-617086771
          • Opcode ID: 5013648c21a362961d3bc64148668e81ccee1dd4eb7a5120497ccaf890396c9e
          • Instruction ID: 451a34b985ff9259daf939e9d89bfb7cdc710a81cc15e07f60cad17ecb2be2ba
          • Opcode Fuzzy Hash: 5013648c21a362961d3bc64148668e81ccee1dd4eb7a5120497ccaf890396c9e
          • Instruction Fuzzy Hash: C092CD71A042499FDF25CF68C8407AEBBF1FF48300F19849AE989AB352D735AA45DF50
          Function 01AF02C0 Relevance: 4.4, Strings: 3, Instructions: 611COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: """"$MitigationAuditOptions$MitigationOptions
          • API String ID: 0-1670051934
          • Opcode ID: 12a20bc6c415f8c5c8baa08b9682e3741e6edbeb8dbf91edcfecad114ce90a5c
          • Instruction ID: c01e0739975f432b071e097c8e01d5b941b235c4088255b3bdb1232f0d061812
          • Opcode Fuzzy Hash: 12a20bc6c415f8c5c8baa08b9682e3741e6edbeb8dbf91edcfecad114ce90a5c
          • Instruction Fuzzy Hash: 87228E726047028FD764CFADCA95626FBE2BBC4310F29892EF2DA87652D771E504CB41
          Function 01A70770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-4253913091
          • Opcode ID: 7a8f5e900b74b363d6dcfe1fcbe4008c8df06deda0d7fd11f1c4b0fb3de66be3
          • Instruction ID: 980e8c87767c0f31270d56669a042031f679255de3fce21de5c439c69f609946
          • Opcode Fuzzy Hash: 7a8f5e900b74b363d6dcfe1fcbe4008c8df06deda0d7fd11f1c4b0fb3de66be3
          • Instruction Fuzzy Hash: D6F18A70B00606DFEB25DF68C984B6AB7F6FF85704F1481A9F4569B391D730AA81CB90
          Function 01A61460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON
          Download Yara Rule
          Strings
          • HEAP[%wZ]: , xrefs: 01A61712
          • HEAP: , xrefs: 01A61596
          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01A61728
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
          • API String ID: 0-3178619729
          • Opcode ID: d16673da9c594bd00be085f9b641da384668c14743025fb0bb59fbc21a050e5f
          • Instruction ID: 63b250a0513f95d3ea37b9e65f4465143309f3933d702b14d7247e9b4b58916e
          • Opcode Fuzzy Hash: d16673da9c594bd00be085f9b641da384668c14743025fb0bb59fbc21a050e5f
          • Instruction Fuzzy Hash: 55E1CF74A042859FDB29CF6CC491BBABFF9EF88300F188459E996CB246D734E940CB50
          Function 00E31250 Relevance: 4.0, Strings: 3, Instructions: 258COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: ".$f$gfff
          • API String ID: 0-171034247
          • Opcode ID: d383bc7024173b9ef91b4b62bef4a38739d7e2f3c36438ca1cbfb6efd0db8b34
          • Instruction ID: ac3088098bf2365ba633710793624814594bc74dacb81049d8e6e352fbc3f643
          • Opcode Fuzzy Hash: d383bc7024173b9ef91b4b62bef4a38739d7e2f3c36438ca1cbfb6efd0db8b34
          • Instruction Fuzzy Hash: B5A17171E1060987CF08CFADD8541EDBBB1EF99308F24925EE415BF251E7719A82CB94
          Function 01A86962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: $@
          • API String ID: 0-1077428164
          • Opcode ID: 3bcacc72425eeecd60ae0ef1d6590ddba1e35e3e02bf18bf0a8e716af3e37a09
          • Instruction ID: 38717b0e10bd154c19bef4aeaa64a914ba688d1fe8d95ffe3c5d5828cd51fc77
          • Opcode Fuzzy Hash: 3bcacc72425eeecd60ae0ef1d6590ddba1e35e3e02bf18bf0a8e716af3e37a09
          • Instruction Fuzzy Hash: 37C2A071A083419FEB25DF68C880BABBBE5BF88754F18892DF989C7241D734D845CB52
          Function 01A5A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: FilterFullPath$UseFilter$\??\
          • API String ID: 0-2779062949
          • Opcode ID: d7c36cd7860483b9933491fe44b98ac31cc9cc8da49aa65792c154e243285b1c
          • Instruction ID: a220c0f7e80e4f89ed0492f90c4c511c69e17e63b91b919edb0f6201e07fc800
          • Opcode Fuzzy Hash: d7c36cd7860483b9933491fe44b98ac31cc9cc8da49aa65792c154e243285b1c
          • Instruction Fuzzy Hash: 83A159719112699BDB31AF68CD88BEAB7B8FF44710F1001EAE909A7251D7359F84CF50
          Function 00E32850 Relevance: 4.0, Strings: 3, Instructions: 235COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: VUUU$gfff$sHM
          • API String ID: 0-1034503316
          • Opcode ID: 05d0e0069c7a6ec466418425fa50f6e9c6b71f3973ad266139128831234420b2
          • Instruction ID: b523b9064faeefcf14f87ec61842d55b14ba19a2a3515de2a50bdce36c36802a
          • Opcode Fuzzy Hash: 05d0e0069c7a6ec466418425fa50f6e9c6b71f3973ad266139128831234420b2
          • Instruction Fuzzy Hash: 14610532B0020A47DB28C95CDC883A9BA92E7D4319F18917EDF89EF391E635AD05D7C0
          Function 01A80BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
          Download Yara Rule
          Strings
          • minkernel\ntdll\ldrinit.c, xrefs: 01ACA121
          • Failed to allocated memory for shimmed module list, xrefs: 01ACA10F
          • LdrpCheckModule, xrefs: 01ACA117
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
          • API String ID: 0-161242083
          • Opcode ID: 5731edd9c235f19f35421ee51e1d410622dbf5741a2f31a4eb2c9f329963e624
          • Instruction ID: 1051ec4a178ab2f8d9f875e795356c9c48c36d0f4e689b9cbc138919619891d9
          • Opcode Fuzzy Hash: 5731edd9c235f19f35421ee51e1d410622dbf5741a2f31a4eb2c9f329963e624
          • Instruction Fuzzy Hash: 73719EB1A003099FDB25EF68CA85BBEB7F4FB84704F18446DE906E7251E734A985CB50
          Function 00E32600 Relevance: 4.0, Strings: 3, Instructions: 207COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: VUUU$gfff$gfff
          • API String ID: 0-2692852535
          • Opcode ID: 3b6f5a06188e74f6acdf92bae2df2fbbd83b218ca10eb729c8b7648f911d996e
          • Instruction ID: b268475fed704107e47a7ca734d25c6f7ff52295cff2693f566b74f9bab4ad3d
          • Opcode Fuzzy Hash: 3b6f5a06188e74f6acdf92bae2df2fbbd83b218ca10eb729c8b7648f911d996e
          • Instruction Fuzzy Hash: 0151C332B0010A8BDF1C8D5DDC855697A96EBE4319F19917EEA49EF391EA34DD10C780
          Function 01A9C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
          Download Yara Rule
          Strings
          • LdrpInitializePerUserWindowsDirectory, xrefs: 01AD82DE
          • Failed to reallocate the system dirs string !, xrefs: 01AD82D7
          • minkernel\ntdll\ldrinit.c, xrefs: 01AD82E8
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
          • API String ID: 0-1783798831
          • Opcode ID: 3a4f0ae9b8db57ff728f58d9386c31f6482ac95ccac0951e77c5a816d708564f
          • Instruction ID: 319565fc07cc7519682e699c2dc22679f81a3c078b26ee0e24ac30aa2a5964b6
          • Opcode Fuzzy Hash: 3a4f0ae9b8db57ff728f58d9386c31f6482ac95ccac0951e77c5a816d708564f
          • Instruction Fuzzy Hash: 0141F371944701ABCB21EB68DD44B9F77E8FF48760F04492AF949D7254EB74D900CBA1
          Function 01B1C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
          Download Yara Rule
          Strings
          • PreferredUILanguages, xrefs: 01B1C212
          • @, xrefs: 01B1C1F1
          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01B1C1C5
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
          • API String ID: 0-2968386058
          • Opcode ID: 57d5bdd898bdc3e42d6325159b48c7b45545e7b86fbaad77144f1096330ecf6b
          • Instruction ID: 21f2c86c39d01141d0f3554e52731973a6c8dd63f5e95e09d137324204b17224
          • Opcode Fuzzy Hash: 57d5bdd898bdc3e42d6325159b48c7b45545e7b86fbaad77144f1096330ecf6b
          • Instruction Fuzzy Hash: 1A418371E4020AEBDF15DFD8C941FEEBBB8EB14700F4141AAEA09B7244D7749A44CB90
          Function 01AF4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
          • API String ID: 0-1373925480
          • Opcode ID: 914ed9349e9c8b568e35bcbc4bc63193a2ac93d45b3b7c1555fab920b76686c6
          • Instruction ID: 8cc80d21c5d3916436a5ce56a3817229c10b82c783ec133f2d0e848468d0fa6e
          • Opcode Fuzzy Hash: 914ed9349e9c8b568e35bcbc4bc63193a2ac93d45b3b7c1555fab920b76686c6
          • Instruction Fuzzy Hash: E2411771A047988FEB25DBE8C944BAEBBB8FF59340F14046EEA41EB791D7348901CB15
          Function 01AE4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
          Download Yara Rule
          Strings
          • minkernel\ntdll\ldrredirect.c, xrefs: 01AE4899
          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01AE4888
          • LdrpCheckRedirection, xrefs: 01AE488F
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
          • API String ID: 0-3154609507
          • Opcode ID: 0571f207d43c6ae116039def9a8c1707a14d9a249aaf6df891c3763b250b2873
          • Instruction ID: 9142ed3b69f4d3937110b4a89d72ead98a03b6ea7a6ee335bf489c7a2842f4b1
          • Opcode Fuzzy Hash: 0571f207d43c6ae116039def9a8c1707a14d9a249aaf6df891c3763b250b2873
          • Instruction Fuzzy Hash: 4C419D32A047519BCB22CF6DD948A267BE9BF8DA50F0A0669ED59DB211D730EC00CBD1
          Function 01A70BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
          • API String ID: 0-2558761708
          • Opcode ID: 45abe95c764ae5a40f7aa1d109a546ae33bca7f1c511edff2c200d00373b1bf7
          • Instruction ID: 452bbc3f63372a0f8c0444a10da08039b2be974d85ff2d8aaa3193038c510fba
          • Opcode Fuzzy Hash: 45abe95c764ae5a40f7aa1d109a546ae33bca7f1c511edff2c200d00373b1bf7
          • Instruction Fuzzy Hash: 24119A31719142DFDB29DB29CA41F7AF3A6AF82A16F18816DF406CB252DB30E940C750
          Function 01AE20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
          Download Yara Rule
          Strings
          • minkernel\ntdll\ldrinit.c, xrefs: 01AE2104
          • LdrpInitializationFailure, xrefs: 01AE20FA
          • Process initialization failed with status 0x%08lx, xrefs: 01AE20F3
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
          • API String ID: 0-2986994758
          • Opcode ID: cf6dcc97895cf739efd85cf50d42e228fe207514dccefbb76bf1275597c0b472
          • Instruction ID: c3cd80089ebb0607e71ab6220920c95b38a2120791b1e4dc576a9f0f3bbc8782
          • Opcode Fuzzy Hash: cf6dcc97895cf739efd85cf50d42e228fe207514dccefbb76bf1275597c0b472
          • Instruction Fuzzy Hash: 32F0FC356803087BE724EB4CDD46F993BACFB80B54F14006AF6007B281D3F0E640CA51
          Function 01A703E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: #%u
          • API String ID: 48624451-232158463
          • Opcode ID: bdcb34b374a9da6bf170f362a0b2cefcf062fc587e346dc3511ccfc7c5766646
          • Instruction ID: 6de84986b1526ad8adae3629147ea6eb900bc8adbfa8e5127dc748f96ee878a5
          • Opcode Fuzzy Hash: bdcb34b374a9da6bf170f362a0b2cefcf062fc587e346dc3511ccfc7c5766646
          • Instruction Fuzzy Hash: 34712C71A0014A9FDB01DFA8CA94FAEBBF8BF18704F154069E905E7251EB34EE05CB65
          Function 01A752A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: @$@
          • API String ID: 0-149943524
          • Opcode ID: 2d783088e8dde7fd8281e8e63c25800b9f0f3f7eaf7573a68bd8b4782781ff7e
          • Instruction ID: 9bf233bda0d2aacd6c5463a37f08c71c33e7dc02b2d7b88a40fc08ba3c9834c2
          • Opcode Fuzzy Hash: 2d783088e8dde7fd8281e8e63c25800b9f0f3f7eaf7573a68bd8b4782781ff7e
          • Instruction Fuzzy Hash: 15329F709083518BD724CF19C990B7EBBF1EF85B44F18491EFA9997290E734DA44CB92
          Function 01A6A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
          Download Yara Rule
          Strings
          • LdrResSearchResource Exit, xrefs: 01A6AA25
          • LdrResSearchResource Enter, xrefs: 01A6AA13
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
          • API String ID: 0-4066393604
          • Opcode ID: ef0bdeaa1f1f8eb19891d6ae1808a39de71bc2c5c3a7ee76030537364a08f359
          • Instruction ID: fcc573fa977d1dc25db0094ac37666a510d891a80665959ab24d4d5acfe3ca40
          • Opcode Fuzzy Hash: ef0bdeaa1f1f8eb19891d6ae1808a39de71bc2c5c3a7ee76030537364a08f359
          • Instruction Fuzzy Hash: FDE14B71E00219AFEF22CF99CA80BAEBBB9FF59710F14452AEA01F7251D7749941CB50
          Function 01B2A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: `$`
          • API String ID: 0-197956300
          • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
          • Instruction ID: bb15df904c2d99b59f7e13574f609963027a95bd63854543195a05f2ccba35d8
          • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
          • Instruction Fuzzy Hash: 83C1D0312043529BEB29CF28C841B6BBBE5EFD4718F084A6DF69ACB690D774D509CB41
          Function 01A60CF2 Relevance: 2.8, Strings: 2, Instructions: 317COMMON
          Download Yara Rule
          Strings
          • Failed to retrieve service checksum., xrefs: 01ABEE56
          • ResIdCount less than 2., xrefs: 01ABEEC9
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
          • API String ID: 0-863616075
          • Opcode ID: b84572f2e9264203bd74fb90ad49ae4c55ff9e10e46c9e08e9408f6e433814ca
          • Instruction ID: 3b4fdd0d8584c16f35ac4e34d23285742fabbf22455d1620a5f0897303356ffa
          • Opcode Fuzzy Hash: b84572f2e9264203bd74fb90ad49ae4c55ff9e10e46c9e08e9408f6e433814ca
          • Instruction Fuzzy Hash: C4E1E0B1908784DFE364CF15C580BABFBE4BB88314F408A2EE5998B391D7709949CF56
          Function 01ADE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID: Legacy$UEFI
          • API String ID: 2994545307-634100481
          • Opcode ID: 446d2670cd97cb6a80f1bd534a97434f607f8cb3c6377eac28ffe9e7c033894b
          • Instruction ID: 63767cbbc762c2d1ffd692062ce4ca77b49128b5d5ac02e054fc0254a0cf0a06
          • Opcode Fuzzy Hash: 446d2670cd97cb6a80f1bd534a97434f607f8cb3c6377eac28ffe9e7c033894b
          • Instruction Fuzzy Hash: C6615CB1E00B099FDB25DFA8C941BADBBB9FB48700F14406DE65AEB251D731AD40CB50
          Function 01B043D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: @$MUI
          • API String ID: 0-17815947
          • Opcode ID: 70832b831d7d9d4e7092a1d7d6080776e13739a64ad4c55fd9965294dcb65843
          • Instruction ID: 1f9f897c93dbbc13fd9b830e16f2b258874bebddeb47298e783ccc7b0e48fd89
          • Opcode Fuzzy Hash: 70832b831d7d9d4e7092a1d7d6080776e13739a64ad4c55fd9965294dcb65843
          • Instruction Fuzzy Hash: 8A51F9B1E0021DAFDF15DFA9CD80AEEBBBDEB44654F10056AE611B7290D731AA05CB60
          Function 00E325F1 Relevance: 2.7, Strings: 2, Instructions: 163COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: gfff$gfff
          • API String ID: 0-3084402119
          • Opcode ID: 8c3c9acb85d036183ba847025d29357ab5c510f57807001b76abb553776b0841
          • Instruction ID: e7477773119fac1a11cf120406a92c7d60d8db42e8e3be781bf705a7aee0bebb
          • Opcode Fuzzy Hash: 8c3c9acb85d036183ba847025d29357ab5c510f57807001b76abb553776b0841
          • Instruction Fuzzy Hash: 0551D631B005068BDF188D5DDC856697A92FBE8309F19913EEB59EF391EA34DD10C781
          Function 00E32440 Relevance: 2.7, Strings: 2, Instructions: 159COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: N$gfff
          • API String ID: 0-3440128799
          • Opcode ID: dd917d82f30ccffb3e7b6bdc985deb3c333daf0960b86581374a260572d895a0
          • Instruction ID: 49e84485b89dfede3ae7e3c4a15cdb0d3855ad8a20da5398836d12f9fa9c1fb3
          • Opcode Fuzzy Hash: dd917d82f30ccffb3e7b6bdc985deb3c333daf0960b86581374a260572d895a0
          • Instruction Fuzzy Hash: 4F413B73B0010917DB2C885D9C682B57E83D7E4319F99A13DDAD99F3C5F9249E42C386
          Function 01A604E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
          Download Yara Rule
          Strings
          • kLsE, xrefs: 01A60540
          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01A6063D
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
          • API String ID: 0-2547482624
          • Opcode ID: 232b47e0da028b61ea3e9ebe6fb946c6775c761ff45c00d10edf9ff2118f1751
          • Instruction ID: b314ca7038b0210226fc2e5402660e570e3c70d37f4137bb2e80d418d6ec6126
          • Opcode Fuzzy Hash: 232b47e0da028b61ea3e9ebe6fb946c6775c761ff45c00d10edf9ff2118f1751
          • Instruction Fuzzy Hash: C151D0755007429FD725EF78C6406A7BBE8AF84704F10883EFADA87241E7B4D985CB92
          Function 01A6A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
          Download Yara Rule
          Strings
          • RtlpResUltimateFallbackInfo Exit, xrefs: 01A6A309
          • RtlpResUltimateFallbackInfo Enter, xrefs: 01A6A2FB
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
          • API String ID: 0-2876891731
          • Opcode ID: 7aa65f0eb4b5a03e33b50b45608310e8042e0f84a9311aade94ac6be9571e2d2
          • Instruction ID: 6e9d728a52cccf3ef614b5626f94d3b22201e2230067bf381f1cc4e52804f5ea
          • Opcode Fuzzy Hash: 7aa65f0eb4b5a03e33b50b45608310e8042e0f84a9311aade94ac6be9571e2d2
          • Instruction Fuzzy Hash: F441AF35A04645DBEB11CF59C840B6EBBB8FF85700F1880AAEA15EB391E3B5DA40CB51
          Function 01A9A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID: Cleanup Group$Threadpool!
          • API String ID: 2994545307-4008356553
          • Opcode ID: 73655811f0df46669af07d9bca2e3c2e70cc0f03f6d71523748d930d8ddee8da
          • Instruction ID: c8ae04cf7218cb7db127c0142c1e3bcdba46b22e6983a37c03ff368d887bc29d
          • Opcode Fuzzy Hash: 73655811f0df46669af07d9bca2e3c2e70cc0f03f6d71523748d930d8ddee8da
          • Instruction Fuzzy Hash: F301D1B2640704AFD711DF18CE45B167BE8E784716F05893AB648C7190E334D844CB86
          Function 01A6C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: MUI
          • API String ID: 0-1339004836
          • Opcode ID: 053ecd41130792162e82884f4c5924e5d9fd0e1dada9328530c7b4b0702b9316
          • Instruction ID: 6137101cdd2ef293cc9c57a482957e1c843229b3001e66e1a212483e81ddc101
          • Opcode Fuzzy Hash: 053ecd41130792162e82884f4c5924e5d9fd0e1dada9328530c7b4b0702b9316
          • Instruction Fuzzy Hash: 43829B75E002188FEB25CFA9C880BEDBBB9FF48760F148169D999AB355D7309D41CB50
          Function 01AB2F28 Relevance: 2.0, Strings: 1, Instructions: 762COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: P`vRbv
          • API String ID: 0-2392986850
          • Opcode ID: dd5c2b54e12b8583d6ef8b658ca050ffb3ce1c70a14dce471d307cb82898e74c
          • Instruction ID: 95f2f5d434f16c9fe61730dae4656ae94af0f9f5d8e2d4bf19baedbe77db005e
          • Opcode Fuzzy Hash: dd5c2b54e12b8583d6ef8b658ca050ffb3ce1c70a14dce471d307cb82898e74c
          • Instruction Fuzzy Hash: E842E275D042DAAEEF29CB6CD8D46FEBBB8BF04310F18811AE541AB293D7758981C750
          Function 01B0CD1F Relevance: 1.9, Strings: 1, Instructions: 620COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: @
          • API String ID: 0-2766056989
          • Opcode ID: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
          • Instruction ID: 49ace289cbb128c3d0f7415b5a0aca7a485b529232bfca4f08e3244523e8faae
          • Opcode Fuzzy Hash: a62076708d3ed8f09253c3cd3ba277d89f510b56d554c4357fdc89bf54a91837
          • Instruction Fuzzy Hash: BF622770D012188FCB98DF9AD4D4AADB7B2FF8C311F608199E9816BB45C7356A16CF60
          Function 01A82E90 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: 0
          • API String ID: 0-4108050209
          • Opcode ID: 6b2b30c8caba80d26060e9b5226f1f0d8ad398b4c0a09cbcf3a8ef455e6241ef
          • Instruction ID: 945edbdf21cb2c78e4ff2adace8955702da69219f0ebeb4601d73468db2f9263
          • Opcode Fuzzy Hash: 6b2b30c8caba80d26060e9b5226f1f0d8ad398b4c0a09cbcf3a8ef455e6241ef
          • Instruction Fuzzy Hash: 8FF17E71608746CFDF26EF28C580B6ABBF1BF88B20F04486DE99987241DB35D945CB52
          Function 00E46D0E Relevance: 1.7, Strings: 1, Instructions: 425COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: (
          • API String ID: 0-3887548279
          • Opcode ID: ea733014510e4349b7b939a0817aaf2b433e909f7f4093a4f7768a235e1ff798
          • Instruction ID: a837ca2f53ed946d54ee999caa13a1616563dd16d0ab6241b8f329863f0949bb
          • Opcode Fuzzy Hash: ea733014510e4349b7b939a0817aaf2b433e909f7f4093a4f7768a235e1ff798
          • Instruction Fuzzy Hash: 40021CB6E006189FDB14CF9AD8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80
          Function 00E46D13 Relevance: 1.7, Strings: 1, Instructions: 423COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID: (
          • API String ID: 0-3887548279
          • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
          • Instruction ID: fac80796ac66533ffa637152cbca71cf74c8f135749979bbab54fbf8f4ffaa39
          • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
          • Instruction Fuzzy Hash: 06021DB6E006189FDB14CF9AD8805DDFBF2FF88314F1AC1AAD859A7315D6746A418F80
          Function 01A62FC8 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: PATH
          • API String ID: 0-1036084923
          • Opcode ID: 215ac1824f95d0e036b8289d129a43fb073b5391129cef14023f3a6647d47b51
          • Instruction ID: bf8a774287bad72b441dd9b7f55c8712a3abb1e67c2eae8ed71b1be72b958c01
          • Opcode Fuzzy Hash: 215ac1824f95d0e036b8289d129a43fb073b5391129cef14023f3a6647d47b51
          • Instruction Fuzzy Hash: 7AF1B071D00219DFDF25DFA9D981ABEBBB9FF48710F484029E949AB350D7349942CB60
          Function 01AEEFA0 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
          Download Yara Rule
          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: __aullrem
          • String ID:
          • API String ID: 3758378126-0
          • Opcode ID: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
          • Instruction ID: 73780828f63813ffc0c3302366770c355214f8c44ed4dc5e0c08d484b636a366
          • Opcode Fuzzy Hash: d2399a191eb0f5f701a36fcf9f691f845dfe918fa796f31438aa4cbd81ac600a
          • Instruction Fuzzy Hash: 13417C71F001199FDF18DFB9C8805AEBBF2FF88320B198279D615E7280E635A9508780
          Function 01A60100 Relevance: 1.6, Strings: 1, Instructions: 321COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 25d16bbe0c62cff91337242f5b686631ca76beb37dd9c06d5939d139e8a4f128
          • Instruction ID: a4f760abccd655413d111fdd6eefdb77327234306cea7abd476bb450ac7c801e
          • Opcode Fuzzy Hash: 25d16bbe0c62cff91337242f5b686631ca76beb37dd9c06d5939d139e8a4f128
          • Instruction Fuzzy Hash: 46A12C31A04369ABDF39CB298B84BFE6BBD5F55314F084099FF46A7283D67489C48B50
          Function 01B14420 Relevance: 1.6, Strings: 1, Instructions: 307COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: 32e399697b93e2b0365f90851acb0a521c9cd5612976a828a3ecb9768dc6ce84
          • Instruction ID: a8a7e651ec01781a428c17a7f11fe3753577876b12e09fdaa179e1a6ad34c1eb
          • Opcode Fuzzy Hash: 32e399697b93e2b0365f90851acb0a521c9cd5612976a828a3ecb9768dc6ce84
          • Instruction Fuzzy Hash: 38A14A30604368AADF3DCA28CD44BFE7BA4DF56728F8A04D8BE455B289CB75C944CB50
          Function 01AE6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: a4d1abd159d048bdcd30a5d2c2e1430eab4ab0db49c8af03959e2286319c931f
          • Instruction ID: 217014785321c6a4c5da4b65692ade8ed1d1b1a8f9b910535e3e2f6c47e92cce
          • Opcode Fuzzy Hash: a4d1abd159d048bdcd30a5d2c2e1430eab4ab0db49c8af03959e2286319c931f
          • Instruction Fuzzy Hash: D8915171A40219AFEB21EFA5CD85FAEBBB8EF14B50F140455F604AB191D774ED04CBA0
          Function 01B0E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID: 0-3916222277
          • Opcode ID: f2d86f2ecdd9423d89e73ba8e9b1182be467f924771eaf21249cc0cff45eca26
          • Instruction ID: 99a1ed94c61dfb5b148705dd8b6bba2110621d5ee466df7da3f65bd6e71d834d
          • Opcode Fuzzy Hash: f2d86f2ecdd9423d89e73ba8e9b1182be467f924771eaf21249cc0cff45eca26
          • Instruction Fuzzy Hash: 0991AC7290120AAEDF2BABA5DD84FAFBFB9EF45740F100469F505A7290DB74D901CB90
          Function 01A9A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: GlobalTags
          • API String ID: 0-1106856819
          • Opcode ID: 33385500fab9ee42baf8ace5985552b9ae5d70539d4d6752e67a250d2d6519a4
          • Instruction ID: 77cb93af481d39e796755c35a7a219a65559b9a2533a66eefe6c820dac275edb
          • Opcode Fuzzy Hash: 33385500fab9ee42baf8ace5985552b9ae5d70539d4d6752e67a250d2d6519a4
          • Instruction Fuzzy Hash: F3718FB5E0060ADFDF29CF9CD5916EDBBB1BF98700F14812EE90AA7241E7349941CB60
          Function 01B04978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: .mui
          • API String ID: 0-1199573805
          • Opcode ID: 046b10768d0c2cda4c1ead93e06af35e3fe265d8f453dcf9d00a3a732459c063
          • Instruction ID: f598b046967f6363318599bad9bb62f5e153245ad247d070484d9df4ac31d7d6
          • Opcode Fuzzy Hash: 046b10768d0c2cda4c1ead93e06af35e3fe265d8f453dcf9d00a3a732459c063
          • Instruction Fuzzy Hash: C851B472D006299FDF1ADF99D940AAEBFB4EF08700F0541A9EB11B7290D3749901CBA0
          Function 01A7E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: EXT-
          • API String ID: 0-1948896318
          • Opcode ID: 55a0c31612e703be1d5c3d245976a212f003f6198fbcfd77aa18b6fc9dd4519e
          • Instruction ID: 0e522ce2f5d344d255469cee1642eb06df9c12afa58a8da3ca6f6f8ee1760d76
          • Opcode Fuzzy Hash: 55a0c31612e703be1d5c3d245976a212f003f6198fbcfd77aa18b6fc9dd4519e
          • Instruction Fuzzy Hash: A6417F72608342ABD711DB79CD80B6BBBE8AF88B14F44496DFA84D7140E774DA08C796
          Function 01ADC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: BinaryHash
          • API String ID: 0-2202222882
          • Opcode ID: cda5908e31f58a511348a07034b7512d13177abdcaa532ff80ce449b582144f7
          • Instruction ID: 252c987f4b7613a793379bed027d900503ea29e0a9371312999ea5cfe46b979b
          • Opcode Fuzzy Hash: cda5908e31f58a511348a07034b7512d13177abdcaa532ff80ce449b582144f7
          • Instruction Fuzzy Hash: AC4145B1D0052DABDB21DB60CD85FDEB77CAB44724F4045A9E709A7140DB709E89CF94
          Function 01AF6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: #
          • API String ID: 0-1885708031
          • Opcode ID: ffdb94e485e48b59a8ee9eadb384865852dac1356621622b04e5ad6335025ea8
          • Instruction ID: 03808e1cc6c825d5ce925bb6ebb15270cd09eb3dcc50b94a39966b9c2a404522
          • Opcode Fuzzy Hash: ffdb94e485e48b59a8ee9eadb384865852dac1356621622b04e5ad6335025ea8
          • Instruction Fuzzy Hash: 14310A31A007199BEB22DFA9C850BBE7BB8DF05704F54406CFA89AB282D775DD06CB50
          Function 01AE892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
          Download Yara Rule
          Strings
          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01AE895E
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
          • API String ID: 0-702105204
          • Opcode ID: c1b1230b9d193fe67e0ac1622f7bfa9557369ed003898292b4994d3bb01ec08a
          • Instruction ID: 339830f19a24ebe4add61d5b7f45c4f1555e4e09334a0c8f8abf833844694c8a
          • Opcode Fuzzy Hash: c1b1230b9d193fe67e0ac1622f7bfa9557369ed003898292b4994d3bb01ec08a
          • Instruction Fuzzy Hash: B6012632600305EFE7366B5ADD8CB5A7FE5EF85295B08006CFA4287152CB25B840C793
          Function 01A9E8F0 Relevance: 1.0, Instructions: 985COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4ce3637b96dfe763767d49c968cf68a39d205ee1dbb6cffe0e660959ea6f104f
          • Instruction ID: dbe245ca7a3f39c7f9d5c6ea4c437c0f599cfa59cc9893826f19b227d1d2fa8a
          • Opcode Fuzzy Hash: 4ce3637b96dfe763767d49c968cf68a39d205ee1dbb6cffe0e660959ea6f104f
          • Instruction Fuzzy Hash: 12823576F102188BCB58CFADDC916DDB7F2EF88314B19802DE416EB349DA34AC568B45
          Function 01AA516C Relevance: .8, Instructions: 785COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: aeb05b3855ea1e3220ee23f5ba40b9c0af7ce1827629ff48cdf83e099a6962e1
          • Instruction ID: bc4218ddaded22c529eaa4b445e5daecc4ba4e4438ac73b041e402baf8b9e034
          • Opcode Fuzzy Hash: aeb05b3855ea1e3220ee23f5ba40b9c0af7ce1827629ff48cdf83e099a6962e1
          • Instruction Fuzzy Hash: 8662AD32D0864AAFCF25CF08E4904AEFB72FE55314B89C65CD99A67605D331BA44CBD8
          Function 01B02000 Relevance: .8, Instructions: 757COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b02a93f51a978e577ff46bbc19f3e372b0897bf76eeaeb68603ba218b1533430
          • Instruction ID: 564d51f4ce2e5cd234b1155c579b31a762f3a3ef11353d4595b22d983f329671
          • Opcode Fuzzy Hash: b02a93f51a978e577ff46bbc19f3e372b0897bf76eeaeb68603ba218b1533430
          • Instruction Fuzzy Hash: 1342C5356083419FE72ACF68C894A6BBFE5FF84340F0449ADFA8687290D771D949CB52
          Function 01AB739A Relevance: .7, Instructions: 705COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c4fb6d41ee60a930b4a86f04c2de2a9be271ba794bf54d4fe95b6201a7f19b9f
          • Instruction ID: 21047153cf9cd0d1f8c895ffaee02fbdd2e66890ddf7f0b5f97f4e5c2f8de9bf
          • Opcode Fuzzy Hash: c4fb6d41ee60a930b4a86f04c2de2a9be271ba794bf54d4fe95b6201a7f19b9f
          • Instruction Fuzzy Hash: 5442B171A006968FDB19CF99C490AFEBBB6FF88314B18815DD552AB382D774E841CB90
          Function 01A8B2C0 Relevance: .6, Instructions: 629COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6796029ee0200986792826e374f1336b2fb946a13dcf6f6d272b7b30790c2d52
          • Instruction ID: 7725f36e2b156bcd3182133bc984513d6db725974b9696d55dc21439bbda1080
          • Opcode Fuzzy Hash: 6796029ee0200986792826e374f1336b2fb946a13dcf6f6d272b7b30790c2d52
          • Instruction Fuzzy Hash: 0832A171E01219DFDF24EFA8C990BAEBBB1FF54714F180129E905AB391E7359911CBA0
          Function 01AF8158 Relevance: .6, Instructions: 617COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 91a9a6a5238c6c4f0b06882236edb44af79979ae04a2b6d2dd1bc00540ac33d1
          • Instruction ID: 020a131bfd4db948e542504deb212da6741456a85930c282b8e572a7e91b1098
          • Opcode Fuzzy Hash: 91a9a6a5238c6c4f0b06882236edb44af79979ae04a2b6d2dd1bc00540ac33d1
          • Instruction Fuzzy Hash: E2424F75E002198FEB25CFA9C841BADBBF5BF48301F14819DEA49EB252D7389985CF50
          Function 01A72840 Relevance: .6, Instructions: 605COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: aed667e8f66b2cfe1e42dc828b1350654ba507146b740539eadd04775157c7d9
          • Instruction ID: e1ae5c7188f2e9efc965594ec02fe79bc118ea3b4776ce15317df4e4ac3dd08e
          • Opcode Fuzzy Hash: aed667e8f66b2cfe1e42dc828b1350654ba507146b740539eadd04775157c7d9
          • Instruction Fuzzy Hash: CC32E270A007598FDB29CF69C9447BEBBF2BF84B04F28411DD58A9B385DB35A942CB50
          Function 01B0A118 Relevance: .6, Instructions: 591COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 55204ec8ea325140cf48424586f80d77378a4cd389075ea8ccf4ea40240f05ed
          • Instruction ID: 10c53e3c6ad083a52b2ae0db4bd5465ac54d4a18005cb1d79122705d1a659608
          • Opcode Fuzzy Hash: 55204ec8ea325140cf48424586f80d77378a4cd389075ea8ccf4ea40240f05ed
          • Instruction Fuzzy Hash: 6D22AC742047618AEB2ACF39C490376BFF1EF45340F088AD9E9868B2C6D775E452CB60
          Function 01B216CC Relevance: .6, Instructions: 571COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 94d3cb55adb944d857ea819c1535a2136d56a82419189e84e62cadb971c49588
          • Instruction ID: 50c652bf7e66956dc4d1426b1b01d595bb48e8ec5335d1e4efe8105fbb5a2c38
          • Opcode Fuzzy Hash: 94d3cb55adb944d857ea819c1535a2136d56a82419189e84e62cadb971c49588
          • Instruction Fuzzy Hash: 2A227F35A002268FDB1DCF5CC490AAAB7B2FF89314B2445ADD959DB345DB30A946CB90
          Function 01A88DBF Relevance: .6, Instructions: 554COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c44b3a4a93167793d38852d0d9839059000958a1e3656761b7e1f54fde82b231
          • Instruction ID: 0a27bdb50a2fe1495d92ce8a99fdc6872f8c7df78f45bd98392d62dbb0f83936
          • Opcode Fuzzy Hash: c44b3a4a93167793d38852d0d9839059000958a1e3656761b7e1f54fde82b231
          • Instruction Fuzzy Hash: 3A226270E0011ADBDB15DF99C5809BEFBF6FF84714B58806AE945AB242E738DD41CBA0
          Function 01B22446 Relevance: .5, Instructions: 485COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: df5e76ac3b0e435f02707990737f88951ba3dd0433ccb5b49f5efe45815d314c
          • Instruction ID: 4efeefcd8b38dca7292b0a27e52d64272d9bcfb6b3e5a1558db9c864cbe34604
          • Opcode Fuzzy Hash: df5e76ac3b0e435f02707990737f88951ba3dd0433ccb5b49f5efe45815d314c
          • Instruction Fuzzy Hash: 0A02D0756046618BEB2DCF2DC450375BBF1EF85300B1886DAE99ACF282D734D84ADB61
          Function 01AB5630 Relevance: .5, Instructions: 458COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
          • Instruction ID: ffb0d5ffaedd461392ff03f0fc5286a20521a18151f0aafea998c91714caa2ef
          • Opcode Fuzzy Hash: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
          • Instruction Fuzzy Hash: FDD14573B6471C4FC384DE6EDC82381B2D2ABD4528B5D843C9D18CB303F669E91E6688
          Function 01B241A2 Relevance: .5, Instructions: 452COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 82cfda221b319fb1e8354bc8a7135b7bfa4f1a93d23e903bc20688c611792704
          • Instruction ID: a269977a46a977acbe45494661cc6000ca2a9754d5c55856e907334942390fc1
          • Opcode Fuzzy Hash: 82cfda221b319fb1e8354bc8a7135b7bfa4f1a93d23e903bc20688c611792704
          • Instruction Fuzzy Hash: 1302C471E00225CFCF1DCF58C4806ADBBB2FF59304F2986A9D55AABB41D731A94ACB50
          Function 01B3B16B Relevance: .4, Instructions: 450COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f50281cb1aee8f07f67850ca336ffab5c80dd349ff776eed69e9b7797e9af6a8
          • Instruction ID: fbbfb7d32e491018bd523f17a953f7002914fe7ebf6c142f6b069c8f1eee9a9e
          • Opcode Fuzzy Hash: f50281cb1aee8f07f67850ca336ffab5c80dd349ff776eed69e9b7797e9af6a8
          • Instruction Fuzzy Hash: 2BF1D372E006158BCB1CCF6DCAA067DBFF5EF9821071942ADD856DB285D734EA11CB50
          Function 00E40223 Relevance: .4, Instructions: 435COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
          • Instruction ID: 80ed05fbbda39d28a24b222809e18af36668faa1d9428683a152a50ad585ea77
          • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
          • Instruction Fuzzy Hash: 34026E73E547164FE720DE4ACDC4765B3A3EFC8311F5B81B8CA142B613CA39BA525A90
          Function 01B3A9A6 Relevance: .4, Instructions: 425COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 148c069b131a6296da15d74b7f25b055160b6ec7f39766b2ebea46a89ae385e3
          • Instruction ID: 10d5a94700748cb6d657a2debad99fd51fbda067808288eb61e1579311e42972
          • Opcode Fuzzy Hash: 148c069b131a6296da15d74b7f25b055160b6ec7f39766b2ebea46a89ae385e3
          • Instruction Fuzzy Hash: F4F1B472E005269BCB1CDE68C5A057DFBF5EF9821072942A9D896EB380D734EE51CB90
          Function 01A84A35 Relevance: .4, Instructions: 423COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
          • Instruction ID: 245a8828533e92c07b0a02c760ba5d0a33a41c24f608e421dd4e4681bf527d4a
          • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
          • Instruction Fuzzy Hash: 4CF15E71E0021A9FDF19DFA9C980BAEBBF5AF48754F08812DE905AB340E775D841CB60
          Function 01B12F30 Relevance: .4, Instructions: 412COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 69c6b56910ac3b9b32f99d0598b255a748abe8719daea5642c750098dec19409
          • Instruction ID: b0d816305bf21a9d6f8abe35b66e9a4bb00b8f227cf9b15d1607f56cec0cdcaf
          • Opcode Fuzzy Hash: 69c6b56910ac3b9b32f99d0598b255a748abe8719daea5642c750098dec19409
          • Instruction Fuzzy Hash: B0E11431A002859FDB28DFACD4407FEBBF1FF48320F95849AD486AB299E7359985C750
          Function 01AF892B Relevance: .4, Instructions: 386COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 25d4c263934f459b5070e198f4146e771bf735d9128d7430200adc6d7868e2ad
          • Instruction ID: aff4dbd68edf61ab0e3bc310194e5b0d8d34342cc0eb3d758c31b6ed29068fdd
          • Opcode Fuzzy Hash: 25d4c263934f459b5070e198f4146e771bf735d9128d7430200adc6d7868e2ad
          • Instruction Fuzzy Hash: 55D1C271E0060A9BDF15CFA9C841BBEB7F1EF88304F19816DEA55E7241D739E9068B60
          Function 01A665D0 Relevance: .4, Instructions: 383COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7a49df23a2bea2c73932ab6cb7f1efd3669de8c320d2e9b45975f157f582c22a
          • Instruction ID: fae99f8b9f14cda9e34e099db72a9551ee258f0100154fb00873f29137e00cef
          • Opcode Fuzzy Hash: 7a49df23a2bea2c73932ab6cb7f1efd3669de8c320d2e9b45975f157f582c22a
          • Instruction Fuzzy Hash: FAE1AF71608342CFC715CF28C590A6ABBF4FF89314F058A6DE99987352EB35E905CB92
          Function 01A58397 Relevance: .4, Instructions: 380COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 29fc235dc488139a1f4847e47583f5c89bb7b68b4f20cd8fa18248b71ad20ab5
          • Instruction ID: 9ff033ab6c04f5ad4c15bec932805357d633b1230923c6e163db28680f80c057
          • Opcode Fuzzy Hash: 29fc235dc488139a1f4847e47583f5c89bb7b68b4f20cd8fa18248b71ad20ab5
          • Instruction Fuzzy Hash: 3DD1F271A04206DBDB54DF2AC9D0ABAB7B9FF54304F08462DED16DB281E738E951CB60
          Function 01A8C6E0 Relevance: .4, Instructions: 367COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 98b2c1f5a1459d9299cae76772ec72d2ef82740d4faa4b35ff3838964d904432
          • Instruction ID: f67025e9de3df608992b2f943364431b6c089f5e3c0b7688f3e924765e3cbd91
          • Opcode Fuzzy Hash: 98b2c1f5a1459d9299cae76772ec72d2ef82740d4faa4b35ff3838964d904432
          • Instruction Fuzzy Hash: 32D18C31E042198BEB29EF9CC5853FDBBB2FB44720F18806AD546E7289D7748941CF65
          Function 01A738E0 Relevance: .3, Instructions: 349COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0988d76e9906cedfc771382270e90109edc0031afc97110d50d0f0d6c6c8657f
          • Instruction ID: 5c212be954c8489575de274d0b4be164a20c5dec3008cb0300ea3cde13f7a03a
          • Opcode Fuzzy Hash: 0988d76e9906cedfc771382270e90109edc0031afc97110d50d0f0d6c6c8657f
          • Instruction Fuzzy Hash: 6EE17E75A00205DFDB18CF59C990BAABBF1FF88310F198159E955EB391D730EA45CBA0
          Function 01A7CFE0 Relevance: .3, Instructions: 345COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c772b4253ead1bcf59d02938d503a1abdf64eba8d1118eef78ec0a93e537ee8c
          • Instruction ID: 15b6bdd9af1b799515a81a7b20c22b686605f99cc30ac1ebde1eb65952857771
          • Opcode Fuzzy Hash: c772b4253ead1bcf59d02938d503a1abdf64eba8d1118eef78ec0a93e537ee8c
          • Instruction Fuzzy Hash: 16D1B131A003198FEB35DB99CD94BAABBB1BF49314F0440E9D909A7241DB74AF85CF91
          Function 01B395C3 Relevance: .3, Instructions: 326COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 111ccbf3f31c683ad2b1ab120f7a2bda2437a07288d17bb97b58abe6a081437d
          • Instruction ID: ac67957656fc585448d68851bbb1e4ddb197c41650f088f904e4029e5878229d
          • Opcode Fuzzy Hash: 111ccbf3f31c683ad2b1ab120f7a2bda2437a07288d17bb97b58abe6a081437d
          • Instruction Fuzzy Hash: 8DB19BB1910115BFFB298B24CC55FBB76ADEB44754F0443DABA19E71C0DBB0AE908B60
          Function 01AE8243 Relevance: .3, Instructions: 322COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
          • Instruction ID: a02360a00a9f0316eb15c6962c4bee42a75e9811ad1ce1d5901dfd5b81c3029b
          • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
          • Instruction Fuzzy Hash: 17B17174A00705AFDF24DF99C948AABBBF9FF84304F14446DEA1297794DA38E945CB10
          Function 01A70535 Relevance: .3, Instructions: 300COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
          • Instruction ID: c928290b7b72c497704d5c410a2328f731f76cafb2b1c5a5c220745bdb8cb66f
          • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
          • Instruction Fuzzy Hash: 57B13631704646AFDF25CB68CD50BBEBBF6AF49600F194199E642DB281DB30EE41CB90
          Function 01A683C0 Relevance: .3, Instructions: 281COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 50fb64c95a5872439585c5ca28fd85173f23e75c2150f57d1e34fa2caa862939
          • Instruction ID: 6e36789fed90134a44ad6c3aff033bc423d4bae6c954707dca2ce22047bbd591
          • Opcode Fuzzy Hash: 50fb64c95a5872439585c5ca28fd85173f23e75c2150f57d1e34fa2caa862939
          • Instruction Fuzzy Hash: 69C13774208341CFD764CF29C494BABB7E9BF88704F44496DE98987291D778EA09CF92
          Function 01A5C427 Relevance: .3, Instructions: 280COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a741dcce68c68157cab77fcb2154ef8c18d4d7552dca5dff85c9021456ad20c7
          • Instruction ID: 6ed42f29ad7ad50e723823110ed503401312678e8d18165f36a53e92172688fc
          • Opcode Fuzzy Hash: a741dcce68c68157cab77fcb2154ef8c18d4d7552dca5dff85c9021456ad20c7
          • Instruction Fuzzy Hash: 31B18370A043658BDB65DF68C980BA9B3F5EF44714F0485E9D90AEB249EB70DE85CB20
          Function 01A8E5E7 Relevance: .3, Instructions: 278COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9e24af09f4979c4b08a9623a578b1fbceb643e1ab02a5a72a748ed30d67386f2
          • Instruction ID: 97b3d2f008fac3d51c82c7dfe75fd34189b65cf8763d8f2ce94ba6b9de42256c
          • Opcode Fuzzy Hash: 9e24af09f4979c4b08a9623a578b1fbceb643e1ab02a5a72a748ed30d67386f2
          • Instruction Fuzzy Hash: BCA12631E00659EFEB21EB9CC944FAEBBB5BF04B14F054129EA11AB291D7749D40CBD1
          Function 01AA0185 Relevance: .3, Instructions: 276COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8b54e569dc1b7e0dea7b16006bbccc62a011bdf5df1cc1de792866ea98b8c712
          • Instruction ID: 34ba037e9cf5b6b7d1d268e3587e4736f97ba490a2938bd8a0bd44ca35ef7a6b
          • Opcode Fuzzy Hash: 8b54e569dc1b7e0dea7b16006bbccc62a011bdf5df1cc1de792866ea98b8c712
          • Instruction Fuzzy Hash: 9EA1B270B007169FEB25DF69CA90BAAB7B5FF54314F444029FA46D7282EB34E815CB90
          Function 01B34500 Relevance: .3, Instructions: 275COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a43a3082c4fb587901a57b6900fae82c25b33d24b9701bd09bc3ae91f9112ee5
          • Instruction ID: 38b8ad0f9b3615c90e8c131dabf1318bfbc0ad97f8d3e8b3fc5b54a728cbf1d6
          • Opcode Fuzzy Hash: a43a3082c4fb587901a57b6900fae82c25b33d24b9701bd09bc3ae91f9112ee5
          • Instruction Fuzzy Hash: CDA1E072A04212EFC71ADF28C980B6ABBE9FF88704F4506A9F545DB651D334ED20CB91
          Function 01B32B57 Relevance: .3, Instructions: 266COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
          • Instruction ID: 5924df047b858d9bc88ab178495d7bf98bfb5b13307f85a5ba7f1a808774555c
          • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
          • Instruction Fuzzy Hash: 04B13B71E0061ADFDF19CFADC980AADBBB5FF88310F1481A9E914A7354D730A955CBA0
          Function 01AE60E0 Relevance: .3, Instructions: 264COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ea40732268ceb40d5a65720a0de765a350603d3a07a0752b199ce95d9e0221bf
          • Instruction ID: 692199184260df22885492eb18d868078ca7393c2fc023e1683cce7417a61b86
          • Opcode Fuzzy Hash: ea40732268ceb40d5a65720a0de765a350603d3a07a0752b199ce95d9e0221bf
          • Instruction Fuzzy Hash: A391A271D00216AFDF15CFA8D888BBEBFF5AF58710F154969E614AB341D734E9009BA0
          Function 01A7E3F0 Relevance: .3, Instructions: 261COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b0e2c178a7018383accffc68d44da34284dbf7d05c49025733b94db1bbb4b729
          • Instruction ID: 67436dd34aac6cf93d407fcecde709f277c4c1cab77a739c51732d29f36e5379
          • Opcode Fuzzy Hash: b0e2c178a7018383accffc68d44da34284dbf7d05c49025733b94db1bbb4b729
          • Instruction Fuzzy Hash: 5D912432A00616CBEB24DB6DCD44BBABBB1EF94B14F0981A9ED05DB351E734DA01C761
          Function 01A94750 Relevance: .3, Instructions: 251COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
          • Instruction ID: e1eb6b4195d6772d114dcca52af1a9cbc96ef27c74d4325f5d1c4ad8056eb6b4
          • Opcode Fuzzy Hash: 9a4050b41c6a135279948fe63c017d1f443f312da45434136b065312031d96b8
          • Instruction Fuzzy Hash: 6E812771A047968BEF264EACC9C126DBBB1FF56200B2C867AD5439F341C2749887C792
          Function 01B2F7B0 Relevance: .2, Instructions: 242COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4a9717643b19d0579b003d1e34c75194912070d860ab033a842e6a41bf4499c2
          • Instruction ID: ce767e899fe8ef7c0a028dc802a4113f7670cedfe5ceef62472dfd63091fe932
          • Opcode Fuzzy Hash: 4a9717643b19d0579b003d1e34c75194912070d860ab033a842e6a41bf4499c2
          • Instruction Fuzzy Hash: 3691E771E002269BEB19CF28C98077ABBF1EF44310F1485BDE959DB291D774E949CB90
          Function 01B2F43F Relevance: .2, Instructions: 241COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1dd46f8eea18fb4b3e9d358769fbdb35dedfa1d721727bb8b71c2be22c009467
          • Instruction ID: b5a643df330bbdc50ec9aede00a1122cb9310a7f95e506219b453f564366fd94
          • Opcode Fuzzy Hash: 1dd46f8eea18fb4b3e9d358769fbdb35dedfa1d721727bb8b71c2be22c009467
          • Instruction Fuzzy Hash: B391C372A002159BDF19CF79C8906BEBBF1EF88210B1982BDE859DB396D734D905CB50
          Function 01B281CC Relevance: .2, Instructions: 232COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c72f46a0a7883b090f67c4fe7469205b3b1f2acec039a48a7cf28395c54954e1
          • Instruction ID: d5f831729f6a62fc888ae8c2974c6e4108ae5d47b853f1286fa723a3adbf0f87
          • Opcode Fuzzy Hash: c72f46a0a7883b090f67c4fe7469205b3b1f2acec039a48a7cf28395c54954e1
          • Instruction Fuzzy Hash: 3081A571E005259BCB18CF6DC8C05AEB7F1FF89310B1843AAE929E7294D774E956CB90
          Function 01A70E59 Relevance: .2, Instructions: 231COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 533dafee2b9af8620a49343a5be56408522cc02893ed8435f8d9b4e3c0d7dd8f
          • Instruction ID: 2230df4c4112420d3189ed98787b7f20fac3582b9ed3220cf9f38b9ecf5d85f3
          • Opcode Fuzzy Hash: 533dafee2b9af8620a49343a5be56408522cc02893ed8435f8d9b4e3c0d7dd8f
          • Instruction Fuzzy Hash: EB81BE71A005199FDB15CF6DCD809AFBBB2FFD6210B288299F8549B349D730EA41CB90
          Function 01AB6ACC Relevance: .2, Instructions: 226COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 61b1fa6f28f1a30b903335aa40ecf090dca27cca22623a3deb0d9b4daf38a8fe
          • Instruction ID: aa42f334fdebd28a9216de5755919175c0ec3708a297c4ed642a2c1ff8cb6005
          • Opcode Fuzzy Hash: 61b1fa6f28f1a30b903335aa40ecf090dca27cca22623a3deb0d9b4daf38a8fe
          • Instruction Fuzzy Hash: 3681A471E0065A9BDB14CF69C990AFEBBF9FB48700F04852EE549E7641E334E941CBA4
          Function 01B1E4F6 Relevance: .2, Instructions: 224COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2402713a16e7e35d2de6853a4bb67162bbc856b806d71aa2c3ef453ac0fa457a
          • Instruction ID: 94604332a740b905ef556ecaaaacdcda5f1de0e1bdfee5d352d96a48c7681d86
          • Opcode Fuzzy Hash: 2402713a16e7e35d2de6853a4bb67162bbc856b806d71aa2c3ef453ac0fa457a
          • Instruction Fuzzy Hash: A281A376E002159BDF19CF98C5906ADFBF1EF88310B5A81A9E816EB389D734DD41CB90
          Function 01B2AB40 Relevance: .2, Instructions: 222COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
          • Instruction ID: 82de6e6aa204a4aa9215b8c1a36e9cdc69f4b888523e6e61e6794963b3759fdc
          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
          • Instruction Fuzzy Hash: A1817231A002159FDF1DCFA8C884AAEBBF6FF84310F1485A9D9199B785D774D909CB50
          Function 01A9E284 Relevance: .2, Instructions: 212COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 21015262f7135cce6ce69bf30920120dee15933e6b742b2737bbe5e92b7db9c3
          • Instruction ID: 0a8ff60d269cfab48bb0aa66728d8348510de366f72c1866421397b7f1a50b98
          • Opcode Fuzzy Hash: 21015262f7135cce6ce69bf30920120dee15933e6b742b2737bbe5e92b7db9c3
          • Instruction Fuzzy Hash: B2814B71A00609AFDF25CFA9C980BEFBBF9FB88354F144429E556A7251D730AC85CB60
          Function 01A8B950 Relevance: .2, Instructions: 209COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b0b45792301e1797c61b52622750399663a2e8121506f0bef192e7d7af2cc923
          • Instruction ID: 5fe19a70f9633d0e6246ce8007b9edf3267ad76217c577f068c122796555395d
          • Opcode Fuzzy Hash: b0b45792301e1797c61b52622750399663a2e8121506f0bef192e7d7af2cc923
          • Instruction Fuzzy Hash: 4F71E430614260CFE724EF2AC980736FBE2AB84B05F58855DE996CB1D5DB35E806CB70
          Function 01A7C640 Relevance: .2, Instructions: 206COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7bd9674cd9afc0449f518a92bb0c04bed0158d500d8dc96b3bb3a27ce20da041
          • Instruction ID: cecddb9b172017aa23600307aea67d20edf911da60631dccaedc0ae4bec120de
          • Opcode Fuzzy Hash: 7bd9674cd9afc0449f518a92bb0c04bed0158d500d8dc96b3bb3a27ce20da041
          • Instruction Fuzzy Hash: 5271E3B5D00226DBCB26CF59D8907BEBBB1FF58B10F14411EE942AB354E7389904CB90
          Function 01B147A0 Relevance: .2, Instructions: 202COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 416c2edf0a986a1ffcbae2c4aeffdad4753969681059e80b6fb8c759f8369e86
          • Instruction ID: 6f570451ca65e96fce3b20e59212fd4c263da30a366d4e2cd892269741a32e64
          • Opcode Fuzzy Hash: 416c2edf0a986a1ffcbae2c4aeffdad4753969681059e80b6fb8c759f8369e86
          • Instruction Fuzzy Hash: 20719471910305EFDB28DF99DA40B9ABBF9FF85300F92469AE600AB29CD7318940CF54
          Function 01A7260B Relevance: .2, Instructions: 201COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6e25ba04536b3705266139bf6d16d7393dfb408d644db97420dd3f270707cef3
          • Instruction ID: 896258612f1d00de895dc7e50baaa814d4919ed034013f505aca4365ff7e89e4
          • Opcode Fuzzy Hash: 6e25ba04536b3705266139bf6d16d7393dfb408d644db97420dd3f270707cef3
          • Instruction Fuzzy Hash: A471C2356042428FD715DF2CC980B2AB7F5FF84710F0985AAE899CB356DB34DA45CB91
          Function 01B270E9 Relevance: .2, Instructions: 201COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0e9a40074d0eb75ee683ee6f8e4176d813eddcab23d6f7e18f21b98d34ad4202
          • Instruction ID: d54aaed24a52748fb23e9efbb0aa75857fdaaf2ae37b27b7e1035712b4a8f3c4
          • Opcode Fuzzy Hash: 0e9a40074d0eb75ee683ee6f8e4176d813eddcab23d6f7e18f21b98d34ad4202
          • Instruction Fuzzy Hash: E1610B71E002379BDF19DEA9C881ABFB779EF75200F1041BAD91997240DF34D9498B94
          Function 01B1F0CC Relevance: .2, Instructions: 199COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e33210ef2a13dd061706c51a16e0afd52bc67bf204f3b1346955fb830418f947
          • Instruction ID: a4db2f1f92bc03b16a52b68f91f5fe73446076f429ad0d3b98df66c286126637
          • Opcode Fuzzy Hash: e33210ef2a13dd061706c51a16e0afd52bc67bf204f3b1346955fb830418f947
          • Instruction Fuzzy Hash: 9A71B479A00722CBDB28CF5AC0801BAF7F1FF45314BA644AEE94297348D370E959CB90
          Function 01AE035C Relevance: .2, Instructions: 198COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
          • Instruction ID: a528712e350edc9e743a87c34e4be1dad5ba18be4c1876a90bbab451dd70a75f
          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
          • Instruction Fuzzy Hash: 27716B71A0061AAFDB10DFA9CA84EEEBBF8FF58710F104569E505E7250DB74EA05CB90
          Function 01AF62A0 Relevance: .2, Instructions: 198COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0c5c4066b6638cd67a6f0501dbcee3e0f057b93afa1ae2f4ced272e319b66db9
          • Instruction ID: 0cf5a30464cc5bb662b1b993ebd0cf5add3a1f65137ac0a43615ab4f15cbb1aa
          • Opcode Fuzzy Hash: 0c5c4066b6638cd67a6f0501dbcee3e0f057b93afa1ae2f4ced272e319b66db9
          • Instruction Fuzzy Hash: A871D132200701AFEB329F98CA44F56BBB6EF40761F15491CF3598B6A1D775E944CB50
          Function 01A68AA0 Relevance: .2, Instructions: 197COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 785b5b68c784f99b5551700148ae7aa075b841388f6eaa70280076d71b9900e1
          • Instruction ID: 326c4b7cdffe0eae0011ea00ab7abd79c85a070d8d4bed21ee49aae6f603c335
          • Opcode Fuzzy Hash: 785b5b68c784f99b5551700148ae7aa075b841388f6eaa70280076d71b9900e1
          • Instruction Fuzzy Hash: C381D272A04306CFDB25CF9CD584BAEB7BABF48714F19412ED904AB281D7789D41CB90
          Function 01B38324 Relevance: .2, Instructions: 192COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f42d39c699bfbec6b95cf959d4f606a595f71d535abde3b15935a86c8a692165
          • Instruction ID: 54afceb46836c9fc0b7cfbdf7281fc88546e7066551964341bf0906e6ceeeaab
          • Opcode Fuzzy Hash: f42d39c699bfbec6b95cf959d4f606a595f71d535abde3b15935a86c8a692165
          • Instruction Fuzzy Hash: 5D711871E00209AFDF16DF94C981FEEBBB9FB44350F104269F621A7290D774AA15CB91
          Function 01B2132D Relevance: .2, Instructions: 188COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1c880b01ce1099ca943d280cca1a7b1697f87bc6b154dc543cfad284fbf9aa48
          • Instruction ID: 977bb509c9e03c7f2e403d7f3854d17fc6a59466c59edc4298e02d0e0512b1d3
          • Opcode Fuzzy Hash: 1c880b01ce1099ca943d280cca1a7b1697f87bc6b154dc543cfad284fbf9aa48
          • Instruction Fuzzy Hash: 3F816D75A00255DFCB09CFA8C490AAEBBF1FF88310F1581A9D859EB355D734EA45CBA0
          Function 01B1A250 Relevance: .2, Instructions: 184COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4de7ef703f4a2eb2a5aa2a6220355bf3e284f352ea2750d4ffe7e7c2596d9f34
          • Instruction ID: 3c3105e0f43272403a5899cfac61964b19341d33d68112686a013b8bf291a21a
          • Opcode Fuzzy Hash: 4de7ef703f4a2eb2a5aa2a6220355bf3e284f352ea2750d4ffe7e7c2596d9f34
          • Instruction Fuzzy Hash: 97510272505742AFD716DE78D894F5BBBE8EBC8710F4209A9BA40DB144D770ED04C7A2
          Function 01B2CE93 Relevance: .2, Instructions: 172COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
          • Instruction ID: 1626cd21a9e611703463a84a352947866d671768e8be271a55bdc37d34b54814
          • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
          • Instruction Fuzzy Hash: E35178326046224BDB19EE2C8850B6FBFD6EFD0250F1885EDE95DC7246DB34D90E8791
          Function 00E40003 Relevance: .2, Instructions: 165COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
          • Instruction ID: 3340315ea587a0eec833bae279968347b26d1cb71999016453b2899a5776780e
          • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
          • Instruction Fuzzy Hash: C45181B3E14A214BD318CE09CC40631B792FFC8312B5F81BADD199B397CA74E9529A90
          Function 01B08350 Relevance: .2, Instructions: 161COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 00a93f4690de82fbed79dbac36b05f0af516ce710e85b6e221264788d76ab550
          • Instruction ID: 3380277d6dd7e483aa0753449174e6f50d127a826ffd9bb995af00155549775f
          • Opcode Fuzzy Hash: 00a93f4690de82fbed79dbac36b05f0af516ce710e85b6e221264788d76ab550
          • Instruction Fuzzy Hash: 92517C70900B05DBDB2ADF5AC880A6AFFF8BF94710F10465EE296576E1C770A645CB90
          Function 01A9E443 Relevance: .2, Instructions: 158COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0534363eb0dc31a150028939c2f3c84f2220480d25e32f7d54c84f03b4f12987
          • Instruction ID: 5cd2c5f8fd6b292e599077ed3863a8f634b50c646587e2432a40953a63049d6c
          • Opcode Fuzzy Hash: 0534363eb0dc31a150028939c2f3c84f2220480d25e32f7d54c84f03b4f12987
          • Instruction Fuzzy Hash: 60517B71200A05DFDB22EF69CA80FAAB3F9FF54744F41042AE50697662E730EA84CB51
          Function 01B04180 Relevance: .2, Instructions: 156COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7dc455173090c34a36028c62cf5021fb600e7153dab118284f55f487dd872d99
          • Instruction ID: ecc08e5c60353b5dc5df6dc4eddf0c44423bf9c76e57eb8bb4943391af21bbac
          • Opcode Fuzzy Hash: 7dc455173090c34a36028c62cf5021fb600e7153dab118284f55f487dd872d99
          • Instruction Fuzzy Hash: 3D5145716083029FD759DF29C980A6BBBE5FFC8204F444A7DF689C7290EB30E9058B52
          Function 01A845B1 Relevance: .2, Instructions: 156COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
          • Instruction ID: f86d5c9470f719685ccf324d0ff89b4e3b09a6483d923213d319ccf0d95705c5
          • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
          • Instruction Fuzzy Hash: EE517171E0021BABDF15EFA4C941BEEBBB5AF49754F04406AEA01AB240D734DD44CBA0
          Function 01ADD800 Relevance: .2, Instructions: 155COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8bbfba09e4126781498c9ee565a9491865f8e4fd88538dbe6e11b9810fdead8b
          • Instruction ID: 63ae56dd344f5474c5f54dcbd5e503deb57a0c9d9e0999c5403e51899642edc0
          • Opcode Fuzzy Hash: 8bbfba09e4126781498c9ee565a9491865f8e4fd88538dbe6e11b9810fdead8b
          • Instruction Fuzzy Hash: 3D51F074A00A16EBDB15DFA9C480BBEBBF5FF44700B0541A9E946DBAC0E736D950CB90
          Function 01AEE9E0 Relevance: .2, Instructions: 154COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
          • Instruction ID: a8c686ef5ca275a9a87e1d2d5ddac1c6c3d0cdb7349280a85939efc3dee3c0b1
          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
          • Instruction Fuzzy Hash: 8651BB71D0021AEFEF21DF94C998FAEBBF9AF04324F158669D51267190E7709E44C7A0
          Function 01B27571 Relevance: .2, Instructions: 153COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d4b0584b555cf7bab2eed162c6d992b3a7d89ea41778de2b58f9617e2c2314c9
          • Instruction ID: 074604b4f3c5b1872e55f53032e5dbd210c8b93836b29a9a9f3ba7f90a833d0f
          • Opcode Fuzzy Hash: d4b0584b555cf7bab2eed162c6d992b3a7d89ea41778de2b58f9617e2c2314c9
          • Instruction Fuzzy Hash: 0C512831A001369BCB2ACF68D84476EFBB5FF58350F0441A9E909E7250EF309D09CB84
          Function 01B28B28 Relevance: .2, Instructions: 152COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 657aec6df917bde9530eb489abff69797c2bd92ae62bdc981661088213c1ba78
          • Instruction ID: f51fb620455bf20e96dce96531732da7c39842f2eabdf351dba31a4cc7327b91
          • Opcode Fuzzy Hash: 657aec6df917bde9530eb489abff69797c2bd92ae62bdc981661088213c1ba78
          • Instruction Fuzzy Hash: EB4115707016219BDB2DDB2DC888B7BBBDAEF94220F04869DF91DC7290DB34D849C691
          Function 01AECBF0 Relevance: .1, Instructions: 148COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: afcae0ca0c53f0f99643634180c53cc52cc9e00fbcd1735ad8ece97270c67402
          • Instruction ID: 668adfcc914c6e9fd3393a0a51e4dc1c94c52872991976dc4fde84d640114f82
          • Opcode Fuzzy Hash: afcae0ca0c53f0f99643634180c53cc52cc9e00fbcd1735ad8ece97270c67402
          • Instruction Fuzzy Hash: 59518C71900216DFCB20DFA9C9D4AAEBBF9FF48364B544519E505A3308D732ED45CB90
          Function 01A9A430 Relevance: .1, Instructions: 139COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f598302ecc7222f1216c47203c3e3744056524c97d31d487c4b5176030608cd6
          • Instruction ID: cef15bbeb213e08048bcefcb2d0e6893d60c9e4794b64741d2acbb8c927322e7
          • Opcode Fuzzy Hash: f598302ecc7222f1216c47203c3e3744056524c97d31d487c4b5176030608cd6
          • Instruction Fuzzy Hash: 87412771740302DBDF29EF6D9980F6A77B5EB54758F45002EED0A9B242EB729840C760
          Function 01B2A9D3 Relevance: .1, Instructions: 139COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
          • Instruction ID: ad79dbf8c5dd152852ae03550c30ce8c27f67bc5a6768d452353cc80bae6ea46
          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
          • Instruction Fuzzy Hash: 1E41EC716007269FDB1DDF78C984A6AB7A9FF81310B05466EE95A87640EB30ED0CC7D1
          Function 01A901F8 Relevance: .1, Instructions: 138COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f3516100ed3fe3f9e2e2bb602722ed2515afcb343ada5833425ced52b5a115f
          • Instruction ID: 070898131e265e88595ecfee42f0e8ad043aaaba7f846e1a72dccb53c6828e2f
          • Opcode Fuzzy Hash: 7f3516100ed3fe3f9e2e2bb602722ed2515afcb343ada5833425ced52b5a115f
          • Instruction Fuzzy Hash: 2841CE36900219DBDF14DFA8C640AEEBBB8BF48750F19816AF916F7240D7359D81CBA4
          Function 01A8EBFC Relevance: .1, Instructions: 138COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4f05b7d95e03f928e8ba68a030aa442b076ff47e029c5c0ba7b37e4e80e9d2aa
          • Instruction ID: 98da5b658281542088632da14ea5fffafa5b07aa033451b452197dcce85e6011
          • Opcode Fuzzy Hash: 4f05b7d95e03f928e8ba68a030aa442b076ff47e029c5c0ba7b37e4e80e9d2aa
          • Instruction Fuzzy Hash: EB41B4B1604302DFD725EF28C984A67BBF6FF88218F14482EE957C7611DB35E8488B91
          Function 01AA2750 Relevance: .1, Instructions: 137COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
          • Instruction ID: f16b6d994e242b49053d3979b65d6622ead9dcf5ed752c15ed30e145b3a70cc3
          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
          • Instruction Fuzzy Hash: A7514B75E00615CFDB15CF98C580AAEF7B2FF84724F2881A9D916A7351D770AE82CB90
          Function 01A66154 Relevance: .1, Instructions: 133COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e94a7fd33ad3d790a2eb14fe26f6f5a2d1bbbd80042a2acc60f942df6a5a6d8b
          • Instruction ID: c07a7e007574cd66b32129b4377cc311e064f8acecbf06c1e29b6830dbd57ff7
          • Opcode Fuzzy Hash: e94a7fd33ad3d790a2eb14fe26f6f5a2d1bbbd80042a2acc60f942df6a5a6d8b
          • Instruction Fuzzy Hash: 6851D6B0904256DFDB25DB68CD00BF8BBB9FF15314F1482AAE529976D1E734A981CF40
          Function 01A60BCD Relevance: .1, Instructions: 130COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 72b364aa92d8c166dfa1e8032aa70b48e322af124f45fe813ade1f803fdb6e4a
          • Instruction ID: 1d24257d58e5b0e8a311fb8e19a6b809d97eadf14913f2314ade9de5548b5e1f
          • Opcode Fuzzy Hash: 72b364aa92d8c166dfa1e8032aa70b48e322af124f45fe813ade1f803fdb6e4a
          • Instruction Fuzzy Hash: 19419071A002689FDB21DF68CE80BEE77B8EF45740F4500A5E908AB242D774DE84CB91
          Function 01B2866E Relevance: .1, Instructions: 129COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
          • Instruction ID: 390a46fca2bd97a02d156a41e07f36797b69b30a355ff96bebe6ffeba8f216eb
          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
          • Instruction Fuzzy Hash: 63418575B00125ABDF19DF99CC84AAFBBFAEF88610F1440A9E90897351DB70DE09C760
          Function 01B2F0E0 Relevance: .1, Instructions: 129COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 69cf06ddf7b8f4bfd9a839b72a5969646989c36a361a1d676a84739ad99d01c8
          • Instruction ID: 291c2e5974804872469052dc42d5d2040b6b3bd98245711caa56b8695eddb62a
          • Opcode Fuzzy Hash: 69cf06ddf7b8f4bfd9a839b72a5969646989c36a361a1d676a84739ad99d01c8
          • Instruction Fuzzy Hash: 2241A2712083528BD708CF29D8A597ABBE1EF99615F04459EF8D98B283CB34D819CB61
          Function 01A60887 Relevance: .1, Instructions: 128COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 82656f3231ecad0f3eec846d6039dd0e442efb9d43b822e700eb456d93db8b04
          • Instruction ID: bb81c8b8e9256987c5f9915c665584cae7fc316b855934f730b91c27d415a31c
          • Opcode Fuzzy Hash: 82656f3231ecad0f3eec846d6039dd0e442efb9d43b822e700eb456d93db8b04
          • Instruction Fuzzy Hash: 524192716007019FE725CF29CA80A66B7FEFF49314B144A6EE557C7A51E730E885CB90
          Function 01B0D5B0 Relevance: .1, Instructions: 128COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cbdb46d6c9909c0eed85877036121132d0b23777f3f3de02eec0e3ccd4f4558c
          • Instruction ID: f961aecb8e6311a51872615bc9ac11b295aa4543c6497fd290c0bd13db98f01a
          • Opcode Fuzzy Hash: cbdb46d6c9909c0eed85877036121132d0b23777f3f3de02eec0e3ccd4f4558c
          • Instruction Fuzzy Hash: F641F030A082959FCB1ACFA8C8956BAFFF1EF59300F0584C9E5C58B2C6C735A456DB60
          Function 01A8A470 Relevance: .1, Instructions: 127COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e5c0deac90ea714e3d431c9a6300ad098dd87bfa96a7aa679644af2c3c2cda5e
          • Instruction ID: eadea34fec3740e8aeeb88def54575f80c7ebf97341fdd47a94b0a6e1025562d
          • Opcode Fuzzy Hash: e5c0deac90ea714e3d431c9a6300ad098dd87bfa96a7aa679644af2c3c2cda5e
          • Instruction Fuzzy Hash: 5041CE32940305CFDF29FF6CD9947AE7BB0FB58710F08055AD515AB295EB349990CBA0
          Function 01A68BF0 Relevance: .1, Instructions: 124COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6dfe40808758facdbaa08bfce17674cb5870cbd54c587630102b1288d7586cb8
          • Instruction ID: ab8d585e64b8ac94928aae25221c99fa66b88950b0593907118aa0f4ee74eddd
          • Opcode Fuzzy Hash: 6dfe40808758facdbaa08bfce17674cb5870cbd54c587630102b1288d7586cb8
          • Instruction Fuzzy Hash: A441F471900302CBD724DF4CD980BAABBBDFF94704F14812ED9059B259D779D942CBA0
          Function 01A58918 Relevance: .1, Instructions: 123COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 45ddb21148ab57b161f987b5a509f75ae6499210b46a2cfe5f627de6f0c2a908
          • Instruction ID: d53811c3045bf7f8dc32c4245db2cd5b52076f4de23454ba28fd90479d5e22ba
          • Opcode Fuzzy Hash: 45ddb21148ab57b161f987b5a509f75ae6499210b46a2cfe5f627de6f0c2a908
          • Instruction Fuzzy Hash: 6F417B31508346DEE312DF69C980A6BB7F9EF88B54F44092AF984D7251E734DE448BA3
          Function 01A5A020 Relevance: .1, Instructions: 122COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
          • Instruction ID: 186b7859353add7421124b5b87759db092b697eb8a0e5a81708be1fdabb74312
          • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
          • Instruction Fuzzy Hash: 9D412731B08251EFDB21DF7984907FABBB5EB50764F19816AED458B242D633CD80CBA0
          Function 01A609AD Relevance: .1, Instructions: 122COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d6f4f572b01a3a896807edb8fe1f347fff144a1324bc13fba9ea308d4ec229d0
          • Instruction ID: aee16c4d6769a64722e99733393874f9d58fe10b7795a66df69a548df4bdb0ff
          • Opcode Fuzzy Hash: d6f4f572b01a3a896807edb8fe1f347fff144a1324bc13fba9ea308d4ec229d0
          • Instruction Fuzzy Hash: F8418B71A40701EFD721CF28C940B6ABBF9FF54754F248A6AE449CB251E771E982CB90
          Function 01A90710 Relevance: .1, Instructions: 121COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
          • Instruction ID: db5cfd6011a57d00c98b50b16578672e2514bf3ca3f5bcc424348efbf4000b0e
          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
          • Instruction Fuzzy Hash: 17414D71A00705EFDB25CFA8CA80AAABBF8FF18750B10496DE556DB650D730EA84CF50
          Function 01A6262C Relevance: .1, Instructions: 119COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d5e57faaa735558077a75f7a27e60a055a7aee2894744b063f6c809a156fb63e
          • Instruction ID: 2e2fd6efaeaeb511720b649a251085201acdb94b96f22b6bebadcd751155de5e
          • Opcode Fuzzy Hash: d5e57faaa735558077a75f7a27e60a055a7aee2894744b063f6c809a156fb63e
          • Instruction Fuzzy Hash: 6E41E4B5901701CFCB26EF28CA40B69B7F9FF94324F1482ABC5069B6A1EB309941CF51
          Function 01A9C8F9 Relevance: .1, Instructions: 116COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1baa1d78c03338306988960309f782068931b240726e83cb17edcb8293601445
          • Instruction ID: da458c89173adb94fa874d284abb0d6979dabb3015c703cf2d843fae6ac24f1c
          • Opcode Fuzzy Hash: 1baa1d78c03338306988960309f782068931b240726e83cb17edcb8293601445
          • Instruction Fuzzy Hash: 083188B1A00755DFDB12CFA8C540B99BBF0FB49724F2085AED119EB292D3769942CF90
          Function 01AE07C3 Relevance: .1, Instructions: 114COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 87a2c67daa27ba244ee8589f80757f8d4dc217b01343c12b4d4af97b98329f18
          • Instruction ID: b8812483c13aad451bc3ea29bb79a0a79e8d3c36ff3ed3a56cfda1d383b6836a
          • Opcode Fuzzy Hash: 87a2c67daa27ba244ee8589f80757f8d4dc217b01343c12b4d4af97b98329f18
          • Instruction Fuzzy Hash: 3E41AD72608345AFD720DF29C845B9BFBE8FF88624F004A2EF998D7251D7709904CB92
          Function 01B2EEDB Relevance: .1, Instructions: 113COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1ff51f3907f6130dcce8a75d8a6c4af3ff8ef58c25260e6c130b29844899dc21
          • Instruction ID: bf8cca8f8cfc2838f4c077196b97a7aacb536b5c9277a8e08fe6c3f34c988013
          • Opcode Fuzzy Hash: 1ff51f3907f6130dcce8a75d8a6c4af3ff8ef58c25260e6c130b29844899dc21
          • Instruction Fuzzy Hash: 5F41A533A1412A8BCF18DF68C491979B7F1FF48304B5642FDD90AAB295DB34AD45C790
          Function 01A580A0 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 32bd96792979df6ac2a7d6cb9031d418e2d4f8e7aca278e6b4f249570c0b846d
          • Instruction ID: 9ea37e8a4a85da83f8fbb609999f7a9136891f5e65637b605184d6ccac7aa144
          • Opcode Fuzzy Hash: 32bd96792979df6ac2a7d6cb9031d418e2d4f8e7aca278e6b4f249570c0b846d
          • Instruction Fuzzy Hash: BD412371E09716AFDB40DF1ACD806A8BBB5FF44760F248229DC16A7280DB38ED418BD0
          Function 01AE05A7 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9389a648974e4adf264c33032aedf29597e983a12e73121f1576cd25ca8ff366
          • Instruction ID: 16b5868d2ea161cd209a03e781db49c91dda3d7616e41d1c3360497feb8e7961
          • Opcode Fuzzy Hash: 9389a648974e4adf264c33032aedf29597e983a12e73121f1576cd25ca8ff366
          • Instruction Fuzzy Hash: 5C41D2726046429FC320DF28CA44B6BB7E5BFC8700F144A19F95497680E7B0E904CBA6
          Function 01A64859 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6107089911bae029a47b024d56559b35709ecd8fa7f53997e902a5e289c75bd1
          • Instruction ID: d7d14ad9676e78f089c70e42585659602c02cfb93012ae84dc300804a6e067a3
          • Opcode Fuzzy Hash: 6107089911bae029a47b024d56559b35709ecd8fa7f53997e902a5e289c75bd1
          • Instruction Fuzzy Hash: 9E41E4326403028BD725DF2CD994B2ABBEEFF88754F14442DEA55CB291DB30D941CB91
          Function 01A58B50 Relevance: .1, Instructions: 111COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 30eb12a254bf1164070513efdfcea63fa52f6ffd69ff814066c1dfc28232dd67
          • Instruction ID: a40c3a274218fd79d283128d8c6ff4a06a3a5b86ba51948c44f2250fb332ecb0
          • Opcode Fuzzy Hash: 30eb12a254bf1164070513efdfcea63fa52f6ffd69ff814066c1dfc28232dd67
          • Instruction Fuzzy Hash: 3841D4B1E05605CFCB55CF6AC9809ADBBF5FF88320B15862ED866E7261D7389901CF50
          Function 00E3E29C Relevance: .1, Instructions: 109COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 09575f96f65ff48229a380fa2b7848dbb48756fddd192c489358498aa3dd56eb
          • Instruction ID: 05535519d870d5416465d5962b3f40d53e3ffb7ceae7dd9a6a7c47501c7c2b7c
          • Opcode Fuzzy Hash: 09575f96f65ff48229a380fa2b7848dbb48756fddd192c489358498aa3dd56eb
          • Instruction Fuzzy Hash: 853193116587F14ED30E836D08BDA75AEC18E9720174EC2FEDADA6F2F3C4888418D3A1
          Function 00E3E2A3 Relevance: .1, Instructions: 108COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
          • Instruction ID: 1e0f3440357a7c372f4a171a034501640d02985584f76d7409d631d79ac3a139
          • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
          • Instruction Fuzzy Hash: 653172116586F14ED31E836D08BDA75AED18E9720174EC2FEDADA6F2F3C4888408D3A5
          Function 01A702E1 Relevance: .1, Instructions: 106COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
          • Instruction ID: f13859af8fdaaed6b742f9af4777368f49f60b70ccee606ca839303ee619d105
          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
          • Instruction Fuzzy Hash: 55312631A04244AFDB12CB68CD80BABBFF9EF15350F0841AAF815D7352D3749984CBA4
          Function 01B0E3DB Relevance: .1, Instructions: 105COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6df17a4a9afc22a32e763bc970523f872516dd332f2dc93a6f5645f7d8f74a08
          • Instruction ID: 0005f68e86ef6d22bea34ff7a0b81b7371a72d3e33f67cf7a4233145849d3f1c
          • Opcode Fuzzy Hash: 6df17a4a9afc22a32e763bc970523f872516dd332f2dc93a6f5645f7d8f74a08
          • Instruction Fuzzy Hash: 8131C635B40706ABDB27AF659D81F6F7AB8AF58B50F010468F600AB3D1CBA4DD00C7A0
          Function 01B14B4B Relevance: .1, Instructions: 104COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 88baf445831a7e0d6742f61b3b60ab19139df0c0b6df58631c38de3cdf2166ae
          • Instruction ID: f813417f3484824b661e5e84fd1bf2b3810ce4a22a62af4547f5e3c7ca9b90eb
          • Opcode Fuzzy Hash: 88baf445831a7e0d6742f61b3b60ab19139df0c0b6df58631c38de3cdf2166ae
          • Instruction Fuzzy Hash: C731E2322053019FC329DF1DD880F26B7E5FB84360F9A44AEE9998B259D731E804CF91
          Function 01A64260 Relevance: .1, Instructions: 102COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 01eee154f221cf3df453f99dd043004562eb249bab97eee813580d66c98032a4
          • Instruction ID: 0277bd4dde028d79751deb2f84f5b20c44691df0d4191421fc66569b7c61d16e
          • Opcode Fuzzy Hash: 01eee154f221cf3df453f99dd043004562eb249bab97eee813580d66c98032a4
          • Instruction Fuzzy Hash: A041BD75200B45DFD722DF28CA80BD6BBE9BF49714F05842DF69A8B250D770E804CBA0
          Function 01B14BB0 Relevance: .1, Instructions: 101COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 00fd5ae6a52ad06990faf5a2ddfd084592a2fb3601fc797baea071670dc38663
          • Instruction ID: 80a8baae513585335bcdedf593491e8b0abb7ef4a9c64d56c55afce36030d6c0
          • Opcode Fuzzy Hash: 00fd5ae6a52ad06990faf5a2ddfd084592a2fb3601fc797baea071670dc38663
          • Instruction Fuzzy Hash: 05317E716043029FD728DF28C880F2AB7E5FB84710F5649ADE955DB399D730E905CB91
          Function 01ADEB1D Relevance: .1, Instructions: 100COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7cd9b3d3537af187b1a90513ad23663d9332dd558ca2f9709116894b943d9910
          • Instruction ID: fd63589f04206a488bf4aad75ab28fe8dde73aa81a8e339acdcaa6c391a23774
          • Opcode Fuzzy Hash: 7cd9b3d3537af187b1a90513ad23663d9332dd558ca2f9709116894b943d9910
          • Instruction Fuzzy Hash: DF31B231701A829BF726576CCE48B257BE8BF40B44F1D84A4AA479F6D2DB68E840C375
          Function 01B261C3 Relevance: .1, Instructions: 97COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d69e9ed19195ff0dac05c2ed3451db505f0bdaddb1ebbeb8f8f3aeb330d69031
          • Instruction ID: 45d0c5285946ec9886111fd4c264eba797de53a0da81196bec0c9f85391001ae
          • Opcode Fuzzy Hash: d69e9ed19195ff0dac05c2ed3451db505f0bdaddb1ebbeb8f8f3aeb330d69031
          • Instruction Fuzzy Hash: DF31E475A0026AABDB19DF98CD40BAEB7B5FB49740F4541A8E904AB244D7B0ED04CBA0
          Function 01B0483A Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2afdd63e4c442213f5b26b8e4390be97a798c125826e13984476ceeee29d5529
          • Instruction ID: 790fb1e94df7321c61501ae3d13f3399138fd9d0ded76d7d4dcaf67302ab8e10
          • Opcode Fuzzy Hash: 2afdd63e4c442213f5b26b8e4390be97a798c125826e13984476ceeee29d5529
          • Instruction Fuzzy Hash: 75315376A4012DAFCF22DF54DD84BDEBBB9EB98350F1500E5A608A7250DB30DE918F90
          Function 01B26BD7 Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1bde089582faa1468e54e445fd73dc7fc02e0e9f5cecf42e15c66367c2285dff
          • Instruction ID: 3e1fd3c98745cfbb18d9b00cb517684fc0bbcc9d335ed9d5bcd3c2d35bd67358
          • Opcode Fuzzy Hash: 1bde089582faa1468e54e445fd73dc7fc02e0e9f5cecf42e15c66367c2285dff
          • Instruction Fuzzy Hash: FE316F716102049FCB64CF29D9C5A5B7BE4FF48350F8184A9E909DF24AE370E949CBA4
          Function 01A8EB20 Relevance: .1, Instructions: 96COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 449f35cedaf34a7c94fa76218ccf3563973f5c7b8571ddb272774c571ab2cd56
          • Instruction ID: c986af314a18d3b46d59dd9b42755d80b31a0af7536fbf30307bf47046bad09c
          • Opcode Fuzzy Hash: 449f35cedaf34a7c94fa76218ccf3563973f5c7b8571ddb272774c571ab2cd56
          • Instruction Fuzzy Hash: 0B31C472E00215EFDB21EFA9CD44BAFBBF9EF44750F018425E516E7250D6709E008BA0
          Function 01B260B8 Relevance: .1, Instructions: 95COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: be5bad6030b8a65825d22df504db8e6b11884976769dbb6bb71e9f0dd346d02c
          • Instruction ID: c07708d5d82912ddc2f9e65461a8dd748bc21c57502ecea70f4571990a63aada
          • Opcode Fuzzy Hash: be5bad6030b8a65825d22df504db8e6b11884976769dbb6bb71e9f0dd346d02c
          • Instruction Fuzzy Hash: B431B871A00626ABDB1A9F6ACC50B6FB7B5EF44754F1040A9E909DB352DB30ED048790
          Function 01A607AF Relevance: .1, Instructions: 95COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6ee9d863f2d08ac72e8b0d6ad94e2abba35de886d249900d889e833096046fe9
          • Instruction ID: d2dc37cfd48a6f97f3e4f0ad0d7409ed8ec9ec14e96c9cc2eefc0fa0788cc583
          • Opcode Fuzzy Hash: 6ee9d863f2d08ac72e8b0d6ad94e2abba35de886d249900d889e833096046fe9
          • Instruction Fuzzy Hash: A731B172A04752EBC713DF28CA80AABBBA9AF94660F054529FD5597311DA30DC4187E1
          Function 01A68550 Relevance: .1, Instructions: 94COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bfcb99aed691a4eb86c33b54279606ae744a48cfea03dd92129fdcc1c06565cf
          • Instruction ID: e21066e1ec8baba9441b36616a011e2dcc171480cd344a7f82673a29c41aa1aa
          • Opcode Fuzzy Hash: bfcb99aed691a4eb86c33b54279606ae744a48cfea03dd92129fdcc1c06565cf
          • Instruction Fuzzy Hash: 3A318CB16093019FE720CF29C840B2AFBE9FB98B10F09496EE98997351D774ED44CB91
          Function 00E5E823 Relevance: .1, Instructions: 93COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f9974f98558fb741e51893ea4d8f4a6ff33255b800814500ec411d0570207af3
          • Instruction ID: 44af7149ff516f98c8d37ae0f72615c848b885772f6e0b7afe87c3b841085e14
          • Opcode Fuzzy Hash: f9974f98558fb741e51893ea4d8f4a6ff33255b800814500ec411d0570207af3
          • Instruction Fuzzy Hash: 5931C172B106265BD358CE3AD880656F7E2FB88310B588A39D919D3B40E774F965CBD0
          Function 00E33300 Relevance: .1, Instructions: 92COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856642535.0000000000E31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00E30000, based on PE: true
          • Associated: 00000000.00000002.2856621281.0000000000E30000.00000002.00000001.01000000.00000003.sdmpDownload File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_e30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a08fce53021d38229355fa82a18e6e624625a425cfe19aa2add884556018173e
          • Instruction ID: 954d2c5adaeed9af0f70defca3bdde122c126c1603559f69316236ac4b898d95
          • Opcode Fuzzy Hash: a08fce53021d38229355fa82a18e6e624625a425cfe19aa2add884556018173e
          • Instruction Fuzzy Hash: F131B172A14E148FD378CE6ED945607F7E1EB8C310B45862EE89ED7B40DA74E901CB80
          Function 01A9A6C7 Relevance: .1, Instructions: 92COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
          • Instruction ID: 27674d755c28bafcd9dfd5539c47b173c3e20750fa754d53ad2f11104342acc5
          • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
          • Instruction Fuzzy Hash: 7E310FB2B00B01AFDB65CF6DDD41B5BBBF8BB08A50F14492EA55AC3651E630E940CB60
          Function 01B0EBD0 Relevance: .1, Instructions: 91COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 005cc47bb59c7131456c8912d05b22cdef592dac6bf7d6e79508cefc6c1b4ed5
          • Instruction ID: 626c4524347cea759436d8fac1999c7abe1ee29851a562bfccb74c9b39e1d8ce
          • Opcode Fuzzy Hash: 005cc47bb59c7131456c8912d05b22cdef592dac6bf7d6e79508cefc6c1b4ed5
          • Instruction Fuzzy Hash: 9E318B716053019FC72ADF19C540A5ABFF1FF89354F4449AEE8889B3A1D332DA44CB92
          Function 01A8438F Relevance: .1, Instructions: 89COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f4c8abe82b9ff5f6dc32be1a3bb9401ba88e50985f4b52142ebcc087088c3158
          • Instruction ID: 84da27903474f9add9971759f4ad405084e8bd20d06ec33b7a419c0ccaf616d2
          • Opcode Fuzzy Hash: f4c8abe82b9ff5f6dc32be1a3bb9401ba88e50985f4b52142ebcc087088c3158
          • Instruction Fuzzy Hash: 5631F172B002069FE724EFB8C981B6EBBF9AF88704F10842AD115D3251E730E945CBA0
          Function 01A5CB7E Relevance: .1, Instructions: 89COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
          • Instruction ID: 9ada89e00ef555e1da95d4aed60f9f6c7262644cb30775622ee855d6cbf8319a
          • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
          • Instruction Fuzzy Hash: CC21E636E4539BAADB11DBB9C841BFFBBB9AF54750F0680359E55E7340E270D90087A0
          Function 01A5C156 Relevance: .1, Instructions: 88COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ad1242043d0b3c368d78e6a5583937d53c78959b457b9bc0e7d71d5c732da019
          • Instruction ID: 578b0651028354e707d1f8cd1c303bb9e1107a9ee87640b166ab661bf4db887f
          • Opcode Fuzzy Hash: ad1242043d0b3c368d78e6a5583937d53c78959b457b9bc0e7d71d5c732da019
          • Instruction Fuzzy Hash: A33129715003519BDB21AF68CC90BF977B8EF50318F5881A9ED459B343DB34D986CB90
          Function 01B1C3CD Relevance: .1, Instructions: 88COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
          • Instruction ID: bfccfef900379f9f69d6c67a6920630104b6c079a0e0b2c2be039e99d8648fed
          • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
          • Instruction Fuzzy Hash: 78214F3A680652BBCF19ABA58D00FBBFFB5EF40710F81805AFA9587691E734D940C360
          Function 01A5E420 Relevance: .1, Instructions: 88COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e884b5699325bdebfabda55f1acf0d143daef145f0656370d68258b38c4bb1af
          • Instruction ID: 86abe05ffc876d63c108ae6d32210a9045d17aec9a5ac599af139894860eeda4
          • Opcode Fuzzy Hash: e884b5699325bdebfabda55f1acf0d143daef145f0656370d68258b38c4bb1af
          • Instruction Fuzzy Hash: 2531E531A0412CABDB31DF28CD41FEEBBB9EB15740F0500A1EA45A7291D7B5AF808F91
          Function 01A94588 Relevance: .1, Instructions: 87COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
          • Instruction ID: 8ddc60184333fd546a2a6e01a332d439a6b04d7099e86b357f9b7dbf248a1ee3
          • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
          • Instruction Fuzzy Hash: E62191B5A00609EBCF15CF58CA80A8EBBF5FF4C314F108169EE259B241D670EE46CB90
          Function 01A944B0 Relevance: .1, Instructions: 87COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 45866fbaac353520d45aa5a6a7e251f1ae1443119379c9f8c6e87d9232a5bcd9
          • Instruction ID: 2075d56ece5853919939b4bce7adc2988d7c7b0f8405d3ed8a762ddc2e9cb94b
          • Opcode Fuzzy Hash: 45866fbaac353520d45aa5a6a7e251f1ae1443119379c9f8c6e87d9232a5bcd9
          • Instruction Fuzzy Hash: DA21E3726047059BCB22DFA8CA80B6B77E4FF8C720F044519FD449B241C730ED418BA2
          Function 01A5E388 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
          • Instruction ID: 03d826514b0d152877bc71f60dc804151968d9af73b320b13c447e43803706c1
          • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
          • Instruction Fuzzy Hash: A4319A31604644EFDB21CF68C984F6AB7B9FF45354F1449A9E912CB692E730EE01CB50
          Function 01B303E6 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cc86314f29bc13099b5cd5cd1caf23d3aad140a058991902b5c46f3e05354a9d
          • Instruction ID: 9723aa1c5479a10a5129194c3b7550a4b4f07829a84c8973333959dee8797456
          • Opcode Fuzzy Hash: cc86314f29bc13099b5cd5cd1caf23d3aad140a058991902b5c46f3e05354a9d
          • Instruction Fuzzy Hash: 00312171A04219BFCF18DBA5D894A9FBBB9FF8C214F414169F906E7241DB306E14CBA0
          Function 01ADE609 Relevance: .1, Instructions: 86COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 73dbcede7ae7bc8d55b127847a3dc84ebac9872d96f0f475691cf92d77429f42
          • Instruction ID: 3b95a8d32cdc681f52807b714fb23d9f7ef52c0d9bfcde4a3586f254ab503457
          • Opcode Fuzzy Hash: 73dbcede7ae7bc8d55b127847a3dc84ebac9872d96f0f475691cf92d77429f42
          • Instruction Fuzzy Hash: 79318E79A00605DFCB18CF1CC884AAEBBB6FF84704B158459F80A9B391E771EA50CB90
          Function 01B30591 Relevance: .1, Instructions: 84COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cc990b1012c189587f7f85c36d2a88900546eee7a86154e59bff9c746a269435
          • Instruction ID: fd4c8ed135607b54fc3f0ac89774f76315a3f25607ce8509247f94cb8724370e
          • Opcode Fuzzy Hash: cc990b1012c189587f7f85c36d2a88900546eee7a86154e59bff9c746a269435
          • Instruction Fuzzy Hash: 3121B1326142058FD72CDE2DD8806B6B7A2EFD4310F6645B8F905DB296DB70F865C750
          Function 01AE06F1 Relevance: .1, Instructions: 79COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1701c7aede935d231a6a944b4ba8ccf70d000aba618f72a77987093015f39a2f
          • Instruction ID: 5c5b00454517f379095c9e2049797a028de5e30735cb4e34c8c8fd61e1ea1590
          • Opcode Fuzzy Hash: 1701c7aede935d231a6a944b4ba8ccf70d000aba618f72a77987093015f39a2f
          • Instruction Fuzzy Hash: A6218D71A00629ABCF20DF59C981ABEB7F8FF48740B550069F941BB240D778AD42CBA1
          Function 01AE019F Relevance: .1, Instructions: 78COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 291c6728a7b61a7b6dce92b3bac16404687348ea9bfd1092178ca67c06e7bf3b
          • Instruction ID: 9d191ef3c489f9e8f4b0ada145a7dbe40fa20ed49af7cf5a17dd4654864b28c3
          • Opcode Fuzzy Hash: 291c6728a7b61a7b6dce92b3bac16404687348ea9bfd1092178ca67c06e7bf3b
          • Instruction Fuzzy Hash: 8221AB71600645AFDB15DB68CA44F6AB7E8FF48740F140069F904DB691D774ED40CB68
          Function 01AE0283 Relevance: .1, Instructions: 74COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 62542e8bac10713fd2493de574c3f7c46abaaf70a53d41216fd127a5435b9df7
          • Instruction ID: 35ee7068bd6358fea5e4acdeaf29f410aee09b35794b459429d4054b0f2c2d79
          • Opcode Fuzzy Hash: 62542e8bac10713fd2493de574c3f7c46abaaf70a53d41216fd127a5435b9df7
          • Instruction Fuzzy Hash: D521B072A043469BD711EF69CA48B6BBBECAF90640F094456FE80C7251D774DA08C6A2
          Function 01A82835 Relevance: .1, Instructions: 73COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0e2c250de16e2576d93850f7fde55ee34046913cecbcabf0947385eb095ecb08
          • Instruction ID: 6087e78c63e4b9bb7e473f567f5f5d0027396c17a1bd1884ca06f219f4975c95
          • Opcode Fuzzy Hash: 0e2c250de16e2576d93850f7fde55ee34046913cecbcabf0947385eb095ecb08
          • Instruction Fuzzy Hash: 58212E317156859BFB23676CCE04B343BE4AF41B74F190365FA209B6E2EB68C845C255
          Function 01B301AA Relevance: .1, Instructions: 71COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e944cc42773a426f28c3f1e20447b10303a06cfed7a58627bac2cc544ab51b2d
          • Instruction ID: 3a4264118eb595473ecb44e0008549bc370eef81318235184870689220f122d4
          • Opcode Fuzzy Hash: e944cc42773a426f28c3f1e20447b10303a06cfed7a58627bac2cc544ab51b2d
          • Instruction Fuzzy Hash: 6F21E4612042555FE705CF1A88B45B6BFE6EFD612570981EAE8C4CB747C524980AC7B4
          Function 01A9A30B Relevance: .1, Instructions: 70COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 166770d0912fc2f49e0f44ae5ab2c94e464e3bf2c9fe6b71772516e1416e1ca6
          • Instruction ID: 5b3c74d11d25e193d945807fa565d3d24b7eb5d2e5a4a05ee9bebf01218da18d
          • Opcode Fuzzy Hash: 166770d0912fc2f49e0f44ae5ab2c94e464e3bf2c9fe6b71772516e1416e1ca6
          • Instruction Fuzzy Hash: D1218E79200A019FCB25DF29CD01B5677F5FF48704F148469A50ACBB61E371E982CF94
          Function 01B1A49A Relevance: .1, Instructions: 70COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 615a3dbc31625e9ad2c01fbf55f4fb6cb5d50d74907a85a62eb2e6f03825e9b7
          • Instruction ID: d8988125a18a51065a4aa886c435d1cefb4d0f3aeab2450568966bafcc740cd3
          • Opcode Fuzzy Hash: 615a3dbc31625e9ad2c01fbf55f4fb6cb5d50d74907a85a62eb2e6f03825e9b7
          • Instruction Fuzzy Hash: BA117A72385A01BFD72665349C00F27769DDFD4B60F920068B708CB188DB70ED018391
          Function 01AE0946 Relevance: .1, Instructions: 70COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 655f2781c6ab0abfff8fd07532fa712ca38c414b75dea6347fefabdf44459daa
          • Instruction ID: 477bda0cc0dcfd80547c44d44e73c712bbcc2e8f4d52f1cc3e67511f22007d30
          • Opcode Fuzzy Hash: 655f2781c6ab0abfff8fd07532fa712ca38c414b75dea6347fefabdf44459daa
          • Instruction Fuzzy Hash: 2421E9B1E00309ABCB64DFAAD985AAEFBF8FF98710F10016EE405E7251D7B09941CB54
          Function 01AF80A8 Relevance: .1, Instructions: 69COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
          • Instruction ID: d6811601f3d58472c6339827274c19f4255a28eee5514fe744f6f58e7b264680
          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
          • Instruction Fuzzy Hash: 0D218E72A00209EFDF229F98CC40BAEBBB9EF48310F214819FA40A7251D738D950DB54
          Function 01B2EE26 Relevance: .1, Instructions: 69COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1c2136293ea467c690c599b9eba14992800fee6bd6063815e4c3e37dc7492ea0
          • Instruction ID: c8b5c48200eedd6716d563e0c7d52012ab1a7f4c3f11c8dda5d4a464f701f590
          • Opcode Fuzzy Hash: 1c2136293ea467c690c599b9eba14992800fee6bd6063815e4c3e37dc7492ea0
          • Instruction Fuzzy Hash: 0721E133A109219B9B18CF3DC80056AF7E6EFCC31032A42BAD916DB2A5E770F9158784
          Function 01A90124 Relevance: .1, Instructions: 68COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
          • Instruction ID: 3b246f5ac5fb154a76dc07366d191b605f134fa372836ee407f45f86b2312ea5
          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
          • Instruction Fuzzy Hash: ED11E2B2600715AFDB229B58CE41F9ABBFCEF80794F210429F6008B180D671EE84CB64
          Function 01A68770 Relevance: .1, Instructions: 68COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 79ac0ce44c21290e5fe251011b0326adda32af04a53b0b77bdf7a328c677fe0c
          • Instruction ID: d07a21291228eb390674f3ba4c02f772cf92968eec919839b33658d8df0e9911
          • Opcode Fuzzy Hash: 79ac0ce44c21290e5fe251011b0326adda32af04a53b0b77bdf7a328c677fe0c
          • Instruction Fuzzy Hash: 2D1191757017119BDB15CF4EC5C0A66BBEDEF4AB50B1880ADEE089F205D6BAD901CB90
          Function 01A9AAEE Relevance: .1, Instructions: 68COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
          • Instruction ID: 4c083bf069eb81f102a951c7b9eeee5e6769cc872e3b180fd3ec96f90641e640
          • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
          • Instruction Fuzzy Hash: 4F217776640A41DFDB219F49C640A66BBF6EB94B10F15883EE94A8BA10C730ED81CB80
          Function 01A680E9 Relevance: .1, Instructions: 66COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6f48b005c3807f460abd316e3f5bc3b8d88e977dc8e4354d989a67026a6393e1
          • Instruction ID: d275d7845557821c33ce61c897ae711caa188224a89c2619e009a6f47e91a8cd
          • Opcode Fuzzy Hash: 6f48b005c3807f460abd316e3f5bc3b8d88e977dc8e4354d989a67026a6393e1
          • Instruction Fuzzy Hash: BC216D75A0030ADFCB14CF98C581AAEBBB9FB88718F24416DD105AB351DB75AE06CBD0
          Function 01A9674D Relevance: .1, Instructions: 65COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0adb8157b645e161110994494abecc846bf67cba0dc3325c4013b2fb23e3ad53
          • Instruction ID: 38f47652b665f4de972808f1671462e4038ff4ecbec7a4b350e22da1695f7197
          • Opcode Fuzzy Hash: 0adb8157b645e161110994494abecc846bf67cba0dc3325c4013b2fb23e3ad53
          • Instruction Fuzzy Hash: 70216D75600A01EFDB219F69C881F6AB7F8FF44350F44882DE59EC7650EB70A990CBA0
          Function 01A8E8C0 Relevance: .1, Instructions: 63COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e9ea95686ddbec75fea495dc1aab48f4a88160ad87bb64cc60104a76ca6be326
          • Instruction ID: caf2f3b1722af67f4c537d63fd44f15ea4d41c4c976a8f4d4e3ab86519726cf2
          • Opcode Fuzzy Hash: e9ea95686ddbec75fea495dc1aab48f4a88160ad87bb64cc60104a76ca6be326
          • Instruction Fuzzy Hash: 8A1144337041109FCF1ADB28CD80A3BB367EFD5774B298569E922CB280EA308C02C290
          Function 01AF6870 Relevance: .1, Instructions: 63COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 545d6e26a697fdc6f08d6a533879bd4c34ba76a873e71000135da3e4961b27e9
          • Instruction ID: 56493a5ea61764242ac67dfffe87cd2338cc2bb973b22ec25bef5ca74ac32301
          • Opcode Fuzzy Hash: 545d6e26a697fdc6f08d6a533879bd4c34ba76a873e71000135da3e4961b27e9
          • Instruction Fuzzy Hash: F1118F72240614BBD722DBE9CD80F9AB7A8EB95750F114029F309DB251DA70E9018790
          Function 01A966B0 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2e3918a94967e7d5b776df41563460a36ca1da48df4699a54ed6947709b49069
          • Instruction ID: 51559ca9f3dfd9b46f492c41cb2817d7d531c554dcd401720f174de030d1ed16
          • Opcode Fuzzy Hash: 2e3918a94967e7d5b776df41563460a36ca1da48df4699a54ed6947709b49069
          • Instruction Fuzzy Hash: 0D118C76A012059BCF25CF59D980E5ABBF8EF94650F06407AD9099B311EA34DD40CB90
          Function 01B2A8E4 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
          • Instruction ID: 8d32faa73a504d1d2ba66c0791a8e743f41489c77698337f6143a2d6a5d8220e
          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
          • Instruction Fuzzy Hash: 3F11B236A00925AFDB19CB68CC05A9DBBB5EF84210F0582A9E85997340E775AE55CB80
          Function 01A60AD0 Relevance: .1, Instructions: 61COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
          • Instruction ID: ae7a6045ef3956af0faf197cd71bcfa168038b7b8c6d849787067316404785c8
          • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
          • Instruction Fuzzy Hash: F22106B5A40B059FD3A0CF29C540B52BBF4FB48B20F10892EE98AC7B40E371E854CB90
          Function 01AEE7E1 Relevance: .1, Instructions: 59COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
          • Instruction ID: c7829e65b60d88fc4d8205201f6576a5c9f14da00d976412e7cbb559052096e5
          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
          • Instruction Fuzzy Hash: 1111C232600601EFE722AF49CD48B56BBE5EF55754F098428EA499B160EB31DD44DB90
          Function 01A827ED Relevance: .1, Instructions: 58COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c9d704c4ab650e24e3f4a8233d2b7b00fd7130ae5331e48e57a12aa6de9a9280
          • Instruction ID: 751bf1330d00dc0c972012a421921e3c349a93968f233dcbb758cdfe656ef7c5
          • Opcode Fuzzy Hash: c9d704c4ab650e24e3f4a8233d2b7b00fd7130ae5331e48e57a12aa6de9a9280
          • Instruction Fuzzy Hash: 8401C471705649AFE717A36DDD84F377AACEF50794F094069F9018B651EA54DC00C2A1
          Function 01A64690 Relevance: .1, Instructions: 57COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 133cfe9096f7d1cfc0aef1247ef5bc3809f6badda352b57a2f6517ba34e9a328
          • Instruction ID: e9b29e2eaa6351bfd3470861d697ed4355238155a9558b16cdf4ac9f5d2ca067
          • Opcode Fuzzy Hash: 133cfe9096f7d1cfc0aef1247ef5bc3809f6badda352b57a2f6517ba34e9a328
          • Instruction Fuzzy Hash: 56112D76200740AFDB25CF5DC980F567BACEB8AB65F08411AF9148B640C338EC40CFA0
          Function 01B34B00 Relevance: .1, Instructions: 57COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ba57a0188fd9e210c9f408a7801c8fb75e3b8082e6a189da63e709e267f54e48
          • Instruction ID: 5d18a27b15a5667898891e074c6498478605c5f5f86ca700682ee564238620b0
          • Opcode Fuzzy Hash: ba57a0188fd9e210c9f408a7801c8fb75e3b8082e6a189da63e709e267f54e48
          • Instruction Fuzzy Hash: 0D11C6362006119FD7299A69D840F66BBA5FFC4710F154559E646C7690EB30A812C790
          Function 01A96620 Relevance: .1, Instructions: 56COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b1390803b375016164820dc7cd4d06fd1a5c52f27665b38a5fc52bec52044a8b
          • Instruction ID: ce798f4aba53e47d457f5423338cdbb280ec0bb433b72a03359b87fd19ed987a
          • Opcode Fuzzy Hash: b1390803b375016164820dc7cd4d06fd1a5c52f27665b38a5fc52bec52044a8b
          • Instruction Fuzzy Hash: 6111CE72A00715ABEF25DF69CE80B5EFBF8EF84740F510058DA08A7200D730AE818BA0
          Function 01A8EA2E Relevance: .1, Instructions: 56COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2480f180b21fc8fadf9649096a709820cad38c271f5d498f01390ecba2601d29
          • Instruction ID: b5785b82cf004fbf550ea1e7e686d185fcc9f6fa2dbf06ec1b44b3dbe37f3659
          • Opcode Fuzzy Hash: 2480f180b21fc8fadf9649096a709820cad38c271f5d498f01390ecba2601d29
          • Instruction Fuzzy Hash: 0C01B572500209DFD726EF19D544F26FBF9FB95716F24816AE1058B260D770EC42CB90
          Function 01A8E53E Relevance: .1, Instructions: 55COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
          • Instruction ID: 9e12e1d847c0a09fd84bf28eda12939b90a18f93ed31c72fac5089a4ce256bad
          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
          • Instruction Fuzzy Hash: 3911E5712026C2DFEB23A72CC954B657BA5EF01B44F1E04A4DE41CB653F728C842C261
          Function 01AEE75D Relevance: .1, Instructions: 54COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
          • Instruction ID: 59bed143bdde68dc5d2de4173cdefaf4a8b46c4ea513b284330a899eaafb4cd3
          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
          • Instruction Fuzzy Hash: 9401B132640206AFE7219F68CD08F5BBBE9EF89B50F098424EA459B260E775DD40CB90
          Function 01A5A250 Relevance: .1, Instructions: 52COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
          • Instruction ID: 832a815f909d01e9c045419092ea4a255e2287a6ee36da4d4fd53e23314f1829
          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
          • Instruction Fuzzy Hash: B4012672608721AFCB718F19E841A3A7BB4EF557A07008A2DFC958B2A2C331D400CB60
          Function 01B34940 Relevance: .1, Instructions: 52COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a0344039ff51db3610bbfccd8a468e0a7e8232b69bf0e26b8fec6d9512fb8aca
          • Instruction ID: 9c397f8b54046dab021e24072e951f8ba85d90db44c7f4b2fa0f693d345c3f7d
          • Opcode Fuzzy Hash: a0344039ff51db3610bbfccd8a468e0a7e8232b69bf0e26b8fec6d9512fb8aca
          • Instruction Fuzzy Hash: EC0100324412019FC3269F1C8D44E12BBA8EBC1370B2543A5E9A89B1A2E730D821CB90
          Function 01ADE1D0 Relevance: .1, Instructions: 51COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c05e94aeb12c480c9f973ec7ab1bc524d8b354e815d1f75c51c1106d360abbb0
          • Instruction ID: 46a3474ab712355bc9d305416b7deeb4b5cb1052eb701e12b3ca1d6365c0b25f
          • Opcode Fuzzy Hash: c05e94aeb12c480c9f973ec7ab1bc524d8b354e815d1f75c51c1106d360abbb0
          • Instruction Fuzzy Hash: E511A131241641EFDB15EF19CE90F167BB8FF54B54F1400A5E9059B661C335ED01CA90
          Function 01A66259 Relevance: .1, Instructions: 51COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 19e456ed0982c87a9de0c64a49248e09bdfdf7f3db4b49ba70e2f4257c663107
          • Instruction ID: a3396fb3070ef1415adfaaec82bff5d62bfafcebdf7b0604853568df29ac45ac
          • Opcode Fuzzy Hash: 19e456ed0982c87a9de0c64a49248e09bdfdf7f3db4b49ba70e2f4257c663107
          • Instruction Fuzzy Hash: 55112A71941229ABEF25AF64CE42FE9B3B8AF04710F9041D5A318A71E0DB709E95CF94
          Function 01A6208A Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
          • Instruction ID: 13f9dc153cf088b2f0d9e3778828e051aa953ec1f5fc29901ae7d1813798b354
          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
          • Instruction Fuzzy Hash: D701B1326001119FEF159B6DD880BA2B76EFFC4720F5A45AAED058F247DA719C81D790
          Function 01AE6050 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e739a857d0d86bc7ea2cf584e6c444d558e55bf66db092b6a18aea8ca002a825
          • Instruction ID: 82160b4f33455c0d2bd11b52f98f15ee97b035480098fdc892bbaa6f95518e1b
          • Opcode Fuzzy Hash: e739a857d0d86bc7ea2cf584e6c444d558e55bf66db092b6a18aea8ca002a825
          • Instruction Fuzzy Hash: 29112973900119ABCB11DB94CD84EEFBBBCEF58254F044566E906E7211EA34EA55CBE0
          Function 01AF6500 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 92d04b57a0d9b52d8998ed0ce6aded2aa09f6b1da476507fd1c5d2bba99f9218
          • Instruction ID: 202ecd0fc98a46c8f0663add7f27e6aadf095b996a534b84ff548d1f1a2e3a9e
          • Opcode Fuzzy Hash: 92d04b57a0d9b52d8998ed0ce6aded2aa09f6b1da476507fd1c5d2bba99f9218
          • Instruction Fuzzy Hash: 111104326401469FC311CFA8C800BA2BBB9FB5A304F088159F948DF315D732EC80CBA0
          Function 01AEC810 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6088217058980be2833b512a2c3d696fb2c86d331a5e0f18fdd12465f0b11592
          • Instruction ID: 1240bb0ff2d70acbb9bb26a4daf911aeb30d2cfd536d71c9d654ae9af5be148d
          • Opcode Fuzzy Hash: 6088217058980be2833b512a2c3d696fb2c86d331a5e0f18fdd12465f0b11592
          • Instruction Fuzzy Hash: 82111CB1A002199BCB00DF99D545AAEB7F4FF58250F14406AF905E7351D774EA018BA4
          Function 01B0EA60 Relevance: .0, Instructions: 50COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5a2f9bf0fd4b3a54e592d593032ac93019ef5bd1c97d2c9e7ad68236652e6b97
          • Instruction ID: f0572d3b2ab98ac550d0309346b5ca98e2e9be62020daf54042e8bb627f3fda6
          • Opcode Fuzzy Hash: 5a2f9bf0fd4b3a54e592d593032ac93019ef5bd1c97d2c9e7ad68236652e6b97
          • Instruction Fuzzy Hash: 7F01D4325402119FCB3BAB29C940E36BFBAFF55790B0548AEE5555B291CB30DC81CB91
          Function 01AA20F0 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b4d09e4e917d8d8d5a263c0d241e1159bf77fb75669e58c6e12042b35e792506
          • Instruction ID: fd588b46dda5246048b8023c91f4c95698fec98638b3ab15273ab284d3fb2e35
          • Opcode Fuzzy Hash: b4d09e4e917d8d8d5a263c0d241e1159bf77fb75669e58c6e12042b35e792506
          • Instruction Fuzzy Hash: EC116975A0020DABCB15EFA4C950BAE7BB5EB48240F008059F9169B290DB35AE11CB90
          Function 01A5C020 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
          • Instruction ID: 2708227c3754504f8324c15b726646bec474dc976b3e30291e66def8440bd588
          • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
          • Instruction Fuzzy Hash: 980128321007459FEF22A7B9C940EA777FDFFD5224F088919E9468B544DA70E401CB60
          Function 01A9E5CF Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6a97f952bf011628b5f04c3742b33973c39a41ae6eebd1cef44bda49ca84b761
          • Instruction ID: d78ade685d0423c62fdcc0342fead5a6c2a84840a8a0dec2fef40277c98a6eca
          • Opcode Fuzzy Hash: 6a97f952bf011628b5f04c3742b33973c39a41ae6eebd1cef44bda49ca84b761
          • Instruction Fuzzy Hash: DE01A7B12419017FD711BB79CE44F57B7BCFF94654B00062AB50583551DB34ED01C6E0
          Function 01AF69C0 Relevance: .0, Instructions: 49COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8f5baec1a44b7d2eef5b2e76765f2866576ef389f2c119cb04db9db2033272af
          • Instruction ID: 21313db846063f3d5c60f17cba09f63b3ea5f18785c55ae6145a3ef809ded437
          • Opcode Fuzzy Hash: 8f5baec1a44b7d2eef5b2e76765f2866576ef389f2c119cb04db9db2033272af
          • Instruction Fuzzy Hash: 7501FC322243029BC724EFA9C88896BFBB8FF58660F51462DFA6D87181E7309905C7D1
          Function 01AEC460 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 668c90a02bba848ff3820926a686b8e7f01e563e1fb03ba99de69d05303a7601
          • Instruction ID: c1481551594a644f1440368805f9c109cde34e37d138d464b3563a196f796f6d
          • Opcode Fuzzy Hash: 668c90a02bba848ff3820926a686b8e7f01e563e1fb03ba99de69d05303a7601
          • Instruction Fuzzy Hash: F6115771A00209ABDB15EFA8C948EAEBBB6EB48250F004059F901A7385DB34EA11CB90
          Function 01AEC97C Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 422cf2043725d132989cdf13b0d3c2bcaa0bb1c2eb66551f827228f467d37933
          • Instruction ID: 41a1d3edd5fe9b5cf1fda7495568e9834f65f6d17d1d1e47feb64e18b95ae19a
          • Opcode Fuzzy Hash: 422cf2043725d132989cdf13b0d3c2bcaa0bb1c2eb66551f827228f467d37933
          • Instruction Fuzzy Hash: B11179B16083089FC710DF69C541A5BBBF4EF98310F00891AF998D7391E730E900CB92
          Function 01B34A80 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
          • Instruction ID: a88028f7f92d22004179f8f5898620aced50b551b673e410ba9df078c59f7c9f
          • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
          • Instruction Fuzzy Hash: 1E01FC322046059FDB29DA6DDC44F57B7E6FFC6310F044859E6428B650DB70F861C754
          Function 01AECA11 Relevance: .0, Instructions: 48COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c6123e1f7da36b15da9977bdbaf6a334f5a3dfc90b9af977e5231cc9bf92c1b6
          • Instruction ID: 1e5258cfc3fa88bf87441078075e09ea18dc0bfb8d336892fcfed6bf8e97e464
          • Opcode Fuzzy Hash: c6123e1f7da36b15da9977bdbaf6a334f5a3dfc90b9af977e5231cc9bf92c1b6
          • Instruction Fuzzy Hash: 4E1157B16083089FC710DF69C541A5BBBE4AF99350F00891AF958D73A5E770E9008B92
          Function 01A7E016 Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
          • Instruction ID: f1b412374f0cc8fefda0b03eaaf22e44351718d1a228576d96d54a98c3c8e5ba
          • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
          • Instruction Fuzzy Hash: 3D017C722415C09FE323871DCA48F677BECEF46768F0D04A9FA05CB6A2D668DE41C621
          Function 01A5826B Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a996281710de497594e104dab44fbd277acc4496b8950c0ccec0ba764ff8ab70
          • Instruction ID: 3da0ac7ccc5185e31dda525da88e3e22485ff1148ec8d8243ce3f4bf0ea6fbc4
          • Opcode Fuzzy Hash: a996281710de497594e104dab44fbd277acc4496b8950c0ccec0ba764ff8ab70
          • Instruction Fuzzy Hash: 6F012F32700605ABD744EB6AD944AAEBBF8EF80290B084029DD01A7241EE70E901C2A0
          Function 01B0EB50 Relevance: .0, Instructions: 46COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: 9c56fbdd216f51d245b8f5e194e3729d6a47b3bafc564f7410bd858bcf264b46
          • Instruction ID: cba52c66c3e80c9573be40bf0e5e08ef5873de142422e775caab2b6e5361aa94
          • Opcode Fuzzy Hash: 9c56fbdd216f51d245b8f5e194e3729d6a47b3bafc564f7410bd858bcf264b46
          • Instruction Fuzzy Hash: C301A271680B01AFD33A5B19DD41F02BFA8EF55B90F11486AF6069F3E0D7B0D8408B94
          Function 01A62582 Relevance: .0, Instructions: 45COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fc2dd0819612478646416053b2c279deb38159c53ee46b8818c015881ee8bb5f
          • Instruction ID: daa4dffd73a6b1813aa83b4a5441d11aa6e2ba6b98011be5436338bc8275a54f
          • Opcode Fuzzy Hash: fc2dd0819612478646416053b2c279deb38159c53ee46b8818c015881ee8bb5f
          • Instruction Fuzzy Hash: ABF0F432B41A10BBC7319B6ACD40F57BFADEF84B90F054429A60A97600CA34ED05CBA0
          Function 01A8C073 Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
          • Instruction ID: a736df4f2a32def756032df080d8183f330eb7c7dfff2e603ab2bb55d96f0df3
          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
          • Instruction Fuzzy Hash: F5F0C2B2A00611ABD324DF4DDD40E57FBFADBD1AA0F048528A645C7220EA31DD05CB90
          Function 01A5C310 Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
          • Instruction ID: 9f88d431e52e04ced6c04f1a2192b72b90b28f2f2b88250b0c993f84237acc37
          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
          • Instruction Fuzzy Hash: EBF0FC7320C7239BD77217694984B6BE6AD8FE1A74F1A0035EA059B20DC9B18D01A6D1
          Function 01B3634F Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b585c22849bf04e02959a34f0961e27429005c36196acb4cb2f61627564ad35b
          • Instruction ID: 085ae72c74c434b18f9c87b203bbdf9f5579bd25058f76c58f0c5aa707f36b63
          • Opcode Fuzzy Hash: b585c22849bf04e02959a34f0961e27429005c36196acb4cb2f61627564ad35b
          • Instruction Fuzzy Hash: 4B014F71A10209EFDB04DFA9D591AAEBBF8FF98304F10406AF904E7351D774AA018BA4
          Function 01B362D6 Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8e6611cbc510dfc5a995a87c8d919d3b07aeac1d3c9bfd31e18013b4230c207a
          • Instruction ID: d97e30731ce7ead97736837da2ac3a37dcccf06138f4e0e3efd5b79eddcfcd1c
          • Opcode Fuzzy Hash: 8e6611cbc510dfc5a995a87c8d919d3b07aeac1d3c9bfd31e18013b4230c207a
          • Instruction Fuzzy Hash: 64014471A00209EFDB04DFA9D541AAEB7F8FF58304F50405AF914E7351D7749E018BA4
          Function 01B3625D Relevance: .0, Instructions: 43COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7f114b02030d14ad09d0667ccc085793109b81ce9f22deaeabc0a71ab6f680e4
          • Instruction ID: b3b3cbc00dd6a285fde18214ee5e545912be45eb00d234c7bb626f24d73bfc46
          • Opcode Fuzzy Hash: 7f114b02030d14ad09d0667ccc085793109b81ce9f22deaeabc0a71ab6f680e4
          • Instruction Fuzzy Hash: 34014F71A1020AEFCB04DFA9D951AAEB7F8FF58304F51806AF904E7351D774AA01CBA4
          Function 01A9CA6F Relevance: .0, Instructions: 42COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
          • Instruction ID: 0873320f84e2a3976816783e82e3cae0262d9be22537c2caa2ed588b9c41a127
          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
          • Instruction Fuzzy Hash: 6A01F472200A859BDB22971DCD09F59BBE9EF41760F0D84A9FA058FAA2D77CC940C215
          Function 01B361E5 Relevance: .0, Instructions: 41COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3accd5d6ce8f646175b778d4f6c422ca0d5128171139215a9a1369230e498bc4
          • Instruction ID: 4d92b698b3f380f1c878bc1eac2ec72f59250c7ab5b034a20c9f748d7c5ed21d
          • Opcode Fuzzy Hash: 3accd5d6ce8f646175b778d4f6c422ca0d5128171139215a9a1369230e498bc4
          • Instruction Fuzzy Hash: 16014F71A00249ABDB04DFA9D945AEEFBF8FF58310F15405AF505A7280D774EA01CBA5
          Function 01AE63C0 Relevance: .0, Instructions: 41COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
          • Instruction ID: cb0c01098251789ed162f7831715f5db5181d758ac9e200777a41b9caa00a20b
          • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
          • Instruction Fuzzy Hash: F0F01D7220001DBFEF019F94DE80DAF7BBEEF592A8B114125FA1592160D631DE21ABA0
          Function 01AEA4B0 Relevance: .0, Instructions: 40COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 687f5ae440d09171a2350f6326be6b8f0b79927d5cc19c2b5edd991f46c75e11
          • Instruction ID: 704d2b93064fe4232fc359328b44907ece8183f1b08828f847fed035d7d59344
          • Opcode Fuzzy Hash: 687f5ae440d09171a2350f6326be6b8f0b79927d5cc19c2b5edd991f46c75e11
          • Instruction Fuzzy Hash: AA018536110219ABCF229F98D844EDA3FA6FB4C664F068105FE1966220C332E970EB91
          Function 01A5C0F0 Relevance: .0, Instructions: 39COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6b773854991650a88a76a71423c608a68d3f99f3ec19290aac680a0513f03f26
          • Instruction ID: 8f86e55226e481cfd423197c8c777945af17ceb3f08b28620b27e1fcc9310f47
          • Opcode Fuzzy Hash: 6b773854991650a88a76a71423c608a68d3f99f3ec19290aac680a0513f03f26
          • Instruction Fuzzy Hash: 49F0BBB23083415BF79596699D01B62369DF7D0661F258066FF058B2CDF971DC018394
          Function 01A9656A Relevance: .0, Instructions: 39COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 939bcc7201daba0c020324cfd0108b0bcdb0119c4b2bc4667ee66db896b1b62f
          • Instruction ID: 59b60899da7b76a9b27fce8ff6a86f6c191ccc417615d6d4fc218006217e0b26
          • Opcode Fuzzy Hash: 939bcc7201daba0c020324cfd0108b0bcdb0119c4b2bc4667ee66db896b1b62f
          • Instruction Fuzzy Hash: 5E014FB1200B819BEB329B7CCE48F253BF8BF44B44F4D4594FA068BAD6DB78D5418615
          Function 01B0437C Relevance: .0, Instructions: 37COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
          • Instruction ID: 8d7aca9d6b71d367f65aa596ee92d2b9d33e3ef3c65b8243ff00395fd4ffad27
          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
          • Instruction Fuzzy Hash: ECF0E93574191347EB3FAA2D9950B2BAF96DF90980B0525BC9741CB6C0DF60DC008790
          Function 01AEC89D Relevance: .0, Instructions: 36COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6af6164cb7b5a98ac4bc7387de4fb9ad6ed2a385e68b030530d4951fc446ee52
          • Instruction ID: 0a3eba15524e1eda2ddd899c3f1096542f9f828a1227948076a1316c4a9f0d06
          • Opcode Fuzzy Hash: 6af6164cb7b5a98ac4bc7387de4fb9ad6ed2a385e68b030530d4951fc446ee52
          • Instruction Fuzzy Hash: C6F0AF706057049FC710EF28CA45A2BB7E4FF98720F84465AB898DB395E734EA00C796
          Function 01AEE872 Relevance: .0, Instructions: 36COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
          • Instruction ID: 5747f288240ac740184292579a159f136b5e257a0946c0e56be679fde86c3531
          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
          • Instruction Fuzzy Hash: B5F05E337116529BE7229B5ECC84F16B7F8AFD5A60F5A0165E6089B264C760EC0187D0
          Function 01A90854 Relevance: .0, Instructions: 35COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
          • Instruction ID: 4b5a1fa010920809b7f12dea6a1b7c228c1c3348f6aa8d2aa0d7d28920dec926
          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
          • Instruction Fuzzy Hash: 29F0B4B2610204AFE715DB25CE01F56B7EDEF98740F14C478A945DB260FAB0DE41C654
          Function 01AEC912 Relevance: .0, Instructions: 34COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b7af49e2269a6d57da189d51b8c50b5fd22caebc6caec0096d8bf5e00e0f4d58
          • Instruction ID: 324984cecc0afb3b4c43f62637852a7a6658311d25788d2860e6e3d6f63bc4e7
          • Opcode Fuzzy Hash: b7af49e2269a6d57da189d51b8c50b5fd22caebc6caec0096d8bf5e00e0f4d58
          • Instruction Fuzzy Hash: E5F04F70A01249AFCB04EF69C655A6EB7F4EF18300F408055F955EB385DB74EA01CB64
          Function 01A647FB Relevance: .0, Instructions: 33COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4611c30f5d9e12a18fbe734dbf1ad326790024803d5b6db098bf4d732349c676
          • Instruction ID: d110c013f8d4189d43055577c3edec4238b0db01ef53579a69fcaf13e952d56d
          • Opcode Fuzzy Hash: 4611c30f5d9e12a18fbe734dbf1ad326790024803d5b6db098bf4d732349c676
          • Instruction Fuzzy Hash: 76F0E2319167E1DFE733CBECC544B62BBDC9B09630F08896AD68987542CB24D880C650
          Function 01B20115 Relevance: .0, Instructions: 32COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 45a738f64435ae437875a889d5fa06d7f95daa2130aa1a5cfa9e2a1bab1d0344
          • Instruction ID: 2a69e289530a8bf32ca26b3cb5161194ccbb48792213f69ac86094b88cd36b01
          • Opcode Fuzzy Hash: 45a738f64435ae437875a889d5fa06d7f95daa2130aa1a5cfa9e2a1bab1d0344
          • Instruction Fuzzy Hash: 2FF05C674157D106CF3E7B3C74503D12F74E755210FAA14C9F9A557209C7788487C320
          Function 01A9C5ED Relevance: .0, Instructions: 31COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 88a477527a887c3cd044ffaf05d8b16a38b998b59a43caa2d970b6c672123c47
          • Instruction ID: 184b091986e413a2095737cceee2c1e8d6c3a15f51376cb97363bab953e80534
          • Opcode Fuzzy Hash: 88a477527a887c3cd044ffaf05d8b16a38b998b59a43caa2d970b6c672123c47
          • Instruction Fuzzy Hash: A9F0E271511E919FEF22975CC188B61BBE49B807B0F08B465E606C755ACB60E8C0CAD0
          Function 01AA2619 Relevance: .0, Instructions: 31COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
          • Instruction ID: 0c50157e6227548ffe867aa73a7619dc9e43a2dead4a0521d2277659113c453a
          • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
          • Instruction Fuzzy Hash: 21E0D8723416012BE7119F598DC0F47776EDFD2B10F44047EB6045F251CAE2DD1982A4
          Function 01AF6030 Relevance: .0, Instructions: 29COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
          • Instruction ID: c6ce6d7a0330737132a28663443d028c1f079164e0071648b1fced74db6a6e65
          • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
          • Instruction Fuzzy Hash: 1DF01C721042049FE3218F49D944F92B7B8EB05365F55C429F7099B561D37AEC40CBA4
          Function 01A60710 Relevance: .0, Instructions: 28COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
          • Instruction ID: f01fa1bf2b95ff811bfad4bf2e3ed2203fea72546a3f27e2d31ed191f3134ad0
          • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
          • Instruction Fuzzy Hash: CEF0ED3A204B819BEB1ACF19D180AE57BECFB41360F054494F8428B312EB35E9C2CB95
          Function 01A949D0 Relevance: .0, Instructions: 28COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
          • Instruction ID: 3890a722ed48a43b0057ff32fb5a0907245f1bc182957d82820152dd15996ca7
          • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
          • Instruction Fuzzy Hash: 66E0D832644145AFDB211A598E00B667FE5DBDA7A0F150429E2009B950DB78DCC2C7D8
          Function 01B34164 Relevance: .0, Instructions: 27COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e2507f7f58d8e2b98c35cea0ea315cc4f036bdef776ed9d83e466e44dc0da37f
          • Instruction ID: 8a22c56841e9cb0e06e3049a3a45c98e1a1d66e2d4c946498093677f60b2838d
          • Opcode Fuzzy Hash: e2507f7f58d8e2b98c35cea0ea315cc4f036bdef776ed9d83e466e44dc0da37f
          • Instruction Fuzzy Hash: A6F09B31A35D914FE77AD76DE644F567BE4EF90630F1A05D4D405C7922C724DC90C690
          Function 01B0678E Relevance: .0, Instructions: 27COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
          • Instruction ID: 38e07501408c14b25985325fd6c9fdb80ea8507ad0ed9712e7a9114c2329e86a
          • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
          • Instruction Fuzzy Hash: 21E0DF72A00110BBDF229799CE01F9ABFECDB94FA0F050098BA00E70D0E630DE00C690
          Function 01B308C0 Relevance: .0, Instructions: 25COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
          • Instruction ID: 98d3b6d747fadfc87b5370b77829f94d94b284b6363f0f2260c1cbffd36ea192
          • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
          • Instruction Fuzzy Hash: C6E09B316403508BCB299E1DD140A53B7E8DFD5660F1580E9E90547612C331F862C6D0
          Function 01A625E0 Relevance: .0, Instructions: 23COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: InitializeThunk
          • String ID:
          • API String ID: 2994545307-0
          • Opcode ID: e1d2ddaa5969832aef4fd46a58720eeb10460aa058990d59b958a9548024a2b2
          • Instruction ID: b476bc03755e17bd49b0a85ba532bebb2595a4d8d44e0eb20def72236f8c12ff
          • Opcode Fuzzy Hash: e1d2ddaa5969832aef4fd46a58720eeb10460aa058990d59b958a9548024a2b2
          • Instruction Fuzzy Hash: 92E0D8321006549BC721FF29DE01F9BB79EEF64764F014515F11557190CB30AD10C7D4
          Function 01B1A456 Relevance: .0, Instructions: 23COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
          • Instruction ID: 472c54d1d0873a3fb2e60d3b4f4b337765a3f132ecba18e112318119cac2789d
          • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
          • Instruction Fuzzy Hash: 41E09231051A51DFEB366F3ACA48B52BAE0FF50B11F558C6DA19A024B4C774A8D0CA40
          Function 01AE4000 Relevance: .0, Instructions: 22COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
          • Instruction ID: dd9cb22cf7b7367d527a1606727027a2ac3c124d6fcb55ee8089b4581a586cd0
          • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
          • Instruction Fuzzy Hash: 34E0AE343002058BE715CF19C044B627BAABFD9A20F28C078E9488F205EB36A8428A40
          Function 01A9CA38 Relevance: .0, Instructions: 22COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 42979627f0a12c24c0899b1864186ee2a30e589c00bba756ed2f8f1b67aba7dd
          • Instruction ID: 045c0e5cb9c02ef7821314d46e921bc16bc4a7b7c234237743fc18443c3ec39a
          • Opcode Fuzzy Hash: 42979627f0a12c24c0899b1864186ee2a30e589c00bba756ed2f8f1b67aba7dd
          • Instruction Fuzzy Hash: 51D02B724818606ACF35F3197E04F973ADAAB50270F054C60F10893414D568CCC192C4
          Function 01A5823B Relevance: .0, Instructions: 21COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
          • Instruction ID: f1b54b8b5609c151282971e177a16591b1f04f53eee0197c51dcf4e0e3507b8e
          • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
          • Instruction Fuzzy Hash: 1AE0C231108A10EFDB322F27DE00F567AB5FF64F90F15492AE482064B5C778AC91DB55
          Function 01A62050 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 854369d6d15173fca32e6636b1e5c9f4791aef7adff74c32737f26254e28918e
          • Instruction ID: de2d12a54e70bb1c1cd8b9bd45db47de6261ccfc0e40c7ec62eb09cf7dde3f8b
          • Opcode Fuzzy Hash: 854369d6d15173fca32e6636b1e5c9f4791aef7adff74c32737f26254e28918e
          • Instruction Fuzzy Hash: E6E08C321005506BC711FB6DDE40F9A739EEFA4660F010221F15187290CA20AD00C794
          Function 01A98A90 Relevance: .0, Instructions: 20COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
          • Instruction ID: d4dae4dff2492d782e9d40ae9c701c9963226cf8a74c871a9bd828e6db30f93a
          • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
          • Instruction Fuzzy Hash: 0AE08633111A188BC728DE18D512B7277E4EF45720F09463EA61347780C538E544C794
          Function 01AB6AA4 Relevance: .0, Instructions: 17COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
          • Instruction ID: d70b4d2185e2e9e9154b3864855b930a709d88cc55d44534c6c0a5cd3ec3eda2
          • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
          • Instruction Fuzzy Hash: 99D05E36511A50AFD7329F1BEE40C53BBF9FFC4A10706062EA54583920C670A806DBA0
          Function 01A9E59C Relevance: .0, Instructions: 16COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
          • Instruction ID: 6d097edb429a3fb005eb7ba19e584a5f29225b717b065ba7563f561f92b1e9d7
          • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
          • Instruction Fuzzy Hash: 1BD0A932204A20ABEB32AA2CFC00FD333E8BB98720F060459B009C7050C360EC81CA84
          Function 01ADE908 Relevance: .0, Instructions: 16COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
          • Instruction ID: f436b2a2e508ab1c1ae2f81192704065e124136311be2a28c3bd49a45e37c13d
          • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
          • Instruction Fuzzy Hash: FEE0EC35951A849FDF12DF69CA40F5ABBB9BB94B40F550054A1099F660C624A900CB80
          Function 01A5A0E3 Relevance: .0, Instructions: 15COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
          • Instruction ID: efc0fcfc7c130a40a8625218246442337c28806d5aae748352e7d56c9a970e02
          • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
          • Instruction Fuzzy Hash: BDD0223232A03093DF2897656D00F637915BF80AA0F0A012C380A93800C0248C43D2E0
          Function 01A9A830 Relevance: .0, Instructions: 14COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
          • Instruction ID: e2e0e562a2b1c2162a34783b9001e05d923c2c6c3b97a4c6a43f99f67a9bb0e3
          • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
          • Instruction Fuzzy Hash: 87D012371D054DBBDB119F66DD01FA57BA9EB64BA0F454020B504875A0C63AE950D584
          Function 01A9CA24 Relevance: .0, Instructions: 14COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2565bef095f9f3b623a652f8bc3801f3feb6a0c268b99126166de35069895ebb
          • Instruction ID: 14e53ed29772dd247581bc699175c65d085110072700f430808386e883b9775d
          • Opcode Fuzzy Hash: 2565bef095f9f3b623a652f8bc3801f3feb6a0c268b99126166de35069895ebb
          • Instruction Fuzzy Hash: 67D0A930681902CBEF2ADF18CE10E7E3BB1FF10640F80006CE70292821E32CDC01CA10
          Function 01A702A0 Relevance: .0, Instructions: 13COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
          • Instruction ID: 2243fca4af98019e83e0a522d62c0f35c0a3b670b71945f777fb8aacec44b8f8
          • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
          • Instruction Fuzzy Hash: 01D0C93A616E80CFD61BCB0CCAA4B1633B4BB45F44F850490F541CBB22E63CDA40CA40
          Function 01A9C700 Relevance: .0, Instructions: 12COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
          • Instruction ID: 0a269634b0f158104b77b8baca14440511708856db56a8d82aafc74fc82ac444
          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
          • Instruction Fuzzy Hash: 31C08033150644AFD711DF95CD01F1277A9FB98B40F010021F30447570C531FD10E644
          Function 01A80310 Relevance: .0, Instructions: 11COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
          • Instruction ID: 074ce2ab2c94499562d5fa9ca428c86821b4dee188765ca0919451cf58ff5a80
          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
          • Instruction Fuzzy Hash: 61D01236100248EFCB02EF41D990D9A772AFBD8710F109019FD19076108A31ED62DA50
          Function 01A60750 Relevance: .0, Instructions: 9COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
          • Instruction ID: a32fd1d28dab55708f6bafaa64cd9a426fcafb021ad64a7b16bd88f1f51556f1
          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
          • Instruction Fuzzy Hash: BFC04879701A828FCF16DB2AD7D4F9977E8FB44740F164890E809CBB22E724E905DA11
          Function 01AA4340 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f08a5e0f5ac83c638757b987ed5b15c343273378c5d84ad0bb958db080277dc3
          • Instruction ID: 9484fed2b3858a27f0f769905131d94cea0dbcded38ce0b15da790c9e07c089c
          • Opcode Fuzzy Hash: f08a5e0f5ac83c638757b987ed5b15c343273378c5d84ad0bb958db080277dc3
          • Instruction Fuzzy Hash: 46900231605840129140715C4CC4586400DA7E0301F56C015E0425554DCA188A565761
          Function 01AA4650 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a4a78538d6975db700e1a2f5c6c6ed2d877725fabb903dad9342638683408829
          • Instruction ID: 09910045a0296ba97c436692620484b1f58504c80be549ac3b39532e03e45ac0
          • Opcode Fuzzy Hash: a4a78538d6975db700e1a2f5c6c6ed2d877725fabb903dad9342638683408829
          • Instruction Fuzzy Hash: FA900261601540424140715C4C44446600DA7E1301796C119A0555560DC61C89559769
          Function 01AA2BA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a6a2abaa93f1de6a71048dca568f2c5b7eb1696c9b07b9662a001d358fe9933e
          • Instruction ID: 448c694ff27290805554a3ec4d2855c7175cff11d7d69201c11bad7bfab5dbe1
          • Opcode Fuzzy Hash: a6a2abaa93f1de6a71048dca568f2c5b7eb1696c9b07b9662a001d358fe9933e
          • Instruction Fuzzy Hash: 4790023160544802D150715C4854786000D97D0301F56C015A0025654EC7598B557BA1
          Function 01AA2B80 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 170023a07dd6b39535936e53a61226f97871f6c011930b95ea96ad2fb5eb661f
          • Instruction ID: 61aed0e03c3765daf6e71c13e68e1a34bc4f4034a0babc50f0d70f71446eca5e
          • Opcode Fuzzy Hash: 170023a07dd6b39535936e53a61226f97871f6c011930b95ea96ad2fb5eb661f
          • Instruction Fuzzy Hash: 6690023120144802D104715C4C446C6000D97D0301F56C015A6025655FD66989917631
          Function 01AA2BE0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3a96254028ddca072d0b7ecfcb8ebf05647023807a53776b4cf37a5315641be8
          • Instruction ID: 2a06029c3761f34fef074afdfd5270bc8ce90117effbd38289413749fd68a8a0
          • Opcode Fuzzy Hash: 3a96254028ddca072d0b7ecfcb8ebf05647023807a53776b4cf37a5315641be8
          • Instruction Fuzzy Hash: 3E90023120548842D140715C4844A86001D97D0305F56C015A0065694ED6298E55BB61
          Function 01AA2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 536889fc7cf8ff0ee23c24468e4c219b6b4a6e24707f21aeaf78b6bd5fdc1e59
          • Instruction ID: 93d351b83ca47dfaeee71008e843723640bcd119b0c137a1d191f8e94f7d7aab
          • Opcode Fuzzy Hash: 536889fc7cf8ff0ee23c24468e4c219b6b4a6e24707f21aeaf78b6bd5fdc1e59
          • Instruction Fuzzy Hash: B890023120144802D180715C484468A000D97D1301F96C019A0026654ECA198B597BA1
          Function 01AA2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ced04b532cbe272739f48fb0c20fb80049a9b91c8d85597c3224a2da757130dd
          • Instruction ID: 1e60b989e10a83fb82506e14db635310581693fa349598b06f630f2399a77f6f
          • Opcode Fuzzy Hash: ced04b532cbe272739f48fb0c20fb80049a9b91c8d85597c3224a2da757130dd
          • Instruction Fuzzy Hash: 589002A1201580924500B25C8844B4A450D97E0201F56C01AE1055560DC52989519635
          Function 01AA2AF0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e98cabc29c7780b6d2b5d248497894384a752c94a657b249b9c8521cb5abec67
          • Instruction ID: 3d23ea4689dc128b4fa3dca65c72449c53e8ee033478cdb0767f0900998107b6
          • Opcode Fuzzy Hash: e98cabc29c7780b6d2b5d248497894384a752c94a657b249b9c8521cb5abec67
          • Instruction Fuzzy Hash: 96900225221440020145B55C0A4454B044DA7D6351796C019F1417590DC62589655721
          Function 01AA2AD0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e478100f42748ada9efe04ddd92a27a445cb69717a6cbfdf20ae72f754c27541
          • Instruction ID: e7302341fbd550da83abcac7c4b64ab619ba46c2fc2fb90efb8b5d1e2c68b169
          • Opcode Fuzzy Hash: e478100f42748ada9efe04ddd92a27a445cb69717a6cbfdf20ae72f754c27541
          • Instruction Fuzzy Hash: 3A900435311440030105F55C0F44547004FD7D5351757C035F1017550DD735CD715731
          Function 01AA2DB0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4e66d4ab2a80ec86c47c361ce6c749e18cc3f45aac27ccda674a9f450cabbcb2
          • Instruction ID: 9affd5c449445bed94344f34ebbfe4de440d8e278fc457f71bb4c45a8c4808ce
          • Opcode Fuzzy Hash: 4e66d4ab2a80ec86c47c361ce6c749e18cc3f45aac27ccda674a9f450cabbcb2
          • Instruction Fuzzy Hash: CF90023124144402D141715C4844646000DA7D0241F96C016A0425554FC6598B56AF61
          Function 01AA2DD0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c0185995985d861a85e48da614ab6094220651c86037094e312868bfb73d7c6a
          • Instruction ID: 41d6bf30a1c0c9979d4e00017fe2f26e6cafa4a6cb412409b65f5871b7a989ac
          • Opcode Fuzzy Hash: c0185995985d861a85e48da614ab6094220651c86037094e312868bfb73d7c6a
          • Instruction Fuzzy Hash: 66900221242481525545B15C4844547400EA7E0241B96C016A1415950DC52A9956DB21
          Function 01AA2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 3b02e6f3047437b6bb0f3b06a63e8947e3558a37b4fb28882bcdc262d4f6a0d7
          • Instruction ID: feb3a9e11e55cd1bdeb857f3db31dbec48ab573225c3793b8a462ade4fb073d3
          • Opcode Fuzzy Hash: 3b02e6f3047437b6bb0f3b06a63e8947e3558a37b4fb28882bcdc262d4f6a0d7
          • Instruction Fuzzy Hash: 4C90022130144003D140715C5858646400DE7E1301F56D015E0415554DD91989565722
          Function 01AA2D00 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9308d05975e94670243fa1e9f99f1b2f164979227a7d7364ddb2cff9101de695
          • Instruction ID: 867fe696bb4433e87f788bbcb700d5a73fe766792f5071a258785fcddcfccbc4
          • Opcode Fuzzy Hash: 9308d05975e94670243fa1e9f99f1b2f164979227a7d7364ddb2cff9101de695
          • Instruction Fuzzy Hash: D790022120548442D100755C5848A46000D97D0205F56D015A1065595EC6398951A631
          Function 01AA2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1d104c494af693d5c51588ec464b0b6339ae3de0d88c833b2a25061d6d3f90b4
          • Instruction ID: 93bb1857e2903280aa55860441e73c4ac0942fd3df72363acf61f206a1cbe1db
          • Opcode Fuzzy Hash: 1d104c494af693d5c51588ec464b0b6339ae3de0d88c833b2a25061d6d3f90b4
          • Instruction Fuzzy Hash: 9690022921344002D180715C584864A000D97D1202F96D419A0016558DC91989695721
          Function 01AA2CA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 596e101d759561441f7acb35826b7baa6e440c2ab750ec16ef91903c3ad5ae3d
          • Instruction ID: 6c028b5848363e7d5886b8872a2ae22ba6e4c0305d0aa9477d753eaa88b04305
          • Opcode Fuzzy Hash: 596e101d759561441f7acb35826b7baa6e440c2ab750ec16ef91903c3ad5ae3d
          • Instruction Fuzzy Hash: 2990023120144402D100759C5848686000D97E0301F56D015A5025555FC66989916631
          Function 01AA2CF0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 525358900d9c29fd87c5a552e905079d26281a0093279a1874e728150b8619ad
          • Instruction ID: 7f8ee1df69a3416e5af55cc498df096804906b3435be2b33183f6138558cc587
          • Opcode Fuzzy Hash: 525358900d9c29fd87c5a552e905079d26281a0093279a1874e728150b8619ad
          • Instruction Fuzzy Hash: 1690023120144403D100715C5948747000D97D0201F56D415A0425558ED65A89516621
          Function 01AA2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 169722fd146c77f5ee25c5cac8bc6554442bd0222609b83ceb95f159854fc06b
          • Instruction ID: e567ec61314908eea8a012b9ecbcbf3c8c2512ee062f75525ecd7806babaf716
          • Opcode Fuzzy Hash: 169722fd146c77f5ee25c5cac8bc6554442bd0222609b83ceb95f159854fc06b
          • Instruction Fuzzy Hash: 3790022160544402D140715C5858746001D97D0201F56D015A0025554EC65D8B556BA1
          Function 01AA2C60 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ee01e66153320bb6e42ff79b6c524534f65734101c8965e17228d2fb9a75051e
          • Instruction ID: 521f8de50992d73b370a9ce9e29aeae706241fbfec9eaed1eda6e21447128113
          • Opcode Fuzzy Hash: ee01e66153320bb6e42ff79b6c524534f65734101c8965e17228d2fb9a75051e
          • Instruction Fuzzy Hash: 8F90023120144842D100715C4844B86000D97E0301F56C01AA0125654EC619C9517A21
          Function 01AA2FA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: af99c29dde9923be1d621a6fd4efbf7952fa1acaf7721105449a50bf983beee4
          • Instruction ID: 5326d42ee2847088f04da45350ec2eab619eb6337dc5b4dc0198c083749b31c3
          • Opcode Fuzzy Hash: af99c29dde9923be1d621a6fd4efbf7952fa1acaf7721105449a50bf983beee4
          • Instruction Fuzzy Hash: 8A90023120184402D100715C4C48787000D97D0302F56C015A5165555FC669C9916A31
          Function 01AA2FB0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9c99aa7e72f7237550cdc36a43485830a4dd293b95f88bd067f6b5273b50e2ff
          • Instruction ID: ec53f89e1108f907be09fb18517b2a47fbaf6ddbabdfdb6d50b32032c6634cc5
          • Opcode Fuzzy Hash: 9c99aa7e72f7237550cdc36a43485830a4dd293b95f88bd067f6b5273b50e2ff
          • Instruction Fuzzy Hash: 18900221601440424140716C8C84946400DBBE1211B56C125A0999550EC55D89655B65
          Function 01AA2F90 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4a66b9e16b9fa0548fd59ccf424cb436cf2770a2d4c51d3e9bd31033791bb314
          • Instruction ID: 06307bcb7923de6addcbaabb4e7c02ebfd599023ff175691629cfa6feef79dff
          • Opcode Fuzzy Hash: 4a66b9e16b9fa0548fd59ccf424cb436cf2770a2d4c51d3e9bd31033791bb314
          • Instruction Fuzzy Hash: 3A90023120184402D100715C4C5474B000D97D0302F56C015A1165555EC62989516A71
          Function 01AA2FE0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a706ca49e4c9951fcd86299df3582fbaf6023871b3b6fbb6179a043e5a400e11
          • Instruction ID: fac260d93af18a634e0b04626f7cf9ae73f74697de01049d46a11abbdb05544e
          • Opcode Fuzzy Hash: a706ca49e4c9951fcd86299df3582fbaf6023871b3b6fbb6179a043e5a400e11
          • Instruction Fuzzy Hash: F2900221211C4042D200756C4C54B47000D97D0303F56C119A0155554DC91989615A21
          Function 01AA2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 916156d398584b57a88797fa740bac5d16a98d21510284896acac30d4842967e
          • Instruction ID: cc7c9e31490b8c7940a999c9196cae454383a25a5ab9f4b635ec63a80f90cc51
          • Opcode Fuzzy Hash: 916156d398584b57a88797fa740bac5d16a98d21510284896acac30d4842967e
          • Instruction Fuzzy Hash: 6490026134144442D100715C4854B46000DD7E1301F56C019E1065554EC61DCD526626
          Function 01AA2F60 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 986877181d5a65922941810d2d0c7e9cf0f1d92a216f4885cd77b805df6360f8
          • Instruction ID: 26888f7f14651adf3cde60836333f025be834a9d445320a54d8f8e244a0edb5d
          • Opcode Fuzzy Hash: 986877181d5a65922941810d2d0c7e9cf0f1d92a216f4885cd77b805df6360f8
          • Instruction Fuzzy Hash: C090047131144043D104715C4C44747004DD7F1301F57C017F3155554DC53DCD715735
          Function 01AA2EA0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 131869998649500d63c99dd2d2568298d53782e8b4f3fcafc1e00435a815e07f
          • Instruction ID: ee70ddb9a1c3f60bcdbf3a82cb04e6f8d307fd5882bb66d0d89954d01782e2ab
          • Opcode Fuzzy Hash: 131869998649500d63c99dd2d2568298d53782e8b4f3fcafc1e00435a815e07f
          • Instruction Fuzzy Hash: 8290027120144402D140715C4844786000D97D0301F56C015A5065554FC65D8ED56B65
          Function 01AA2E80 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6c75d2c1779bd77577f8d5976fc35e43cb4c65d5ac67cbe5fb2d68a138287c1f
          • Instruction ID: 702fb851dd6aca0a00fab72e74ef9407201027a0a98fc32e5bb729246e97899f
          • Opcode Fuzzy Hash: 6c75d2c1779bd77577f8d5976fc35e43cb4c65d5ac67cbe5fb2d68a138287c1f
          • Instruction Fuzzy Hash: FF90022160144502D101715C4844656000E97D0241F96C026A1025555FCA298A92A631
          Function 01AA2EE0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0e979e150bf6e79bec957cec800d074b75b226e0bee92d0977789446aa13ef56
          • Instruction ID: 1d2aca9121437d6701b8b285733217eedeb034c6697a643651e612e27de21b37
          • Opcode Fuzzy Hash: 0e979e150bf6e79bec957cec800d074b75b226e0bee92d0977789446aa13ef56
          • Instruction Fuzzy Hash: F490026120184403D140755C4C44647000D97D0302F56C015A2065555FCA2D8D516635
          Function 01AA2E30 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 1b684f72c7d4d44b5bb7b45c17d19d975f0b235db79c1f149966e60f77c38107
          • Instruction ID: 6a2b189ab386368b015a75c8ccddb9bde954a5eb73743e74166f79ccae948da0
          • Opcode Fuzzy Hash: 1b684f72c7d4d44b5bb7b45c17d19d975f0b235db79c1f149966e60f77c38107
          • Instruction Fuzzy Hash: D890022130144402D102715C4854646000DD7D1345F96C016E1425555EC6298A53A632
          Function 01AA3090 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 0818ae7443608623bf50c481100ad4d28c9c060e0e2ec59b4703eaf809c9ecb8
          • Instruction ID: 185101ae922c5fc9a638133a5cfc915c25b900f7fbc98ce4810d1fe8141b9a3f
          • Opcode Fuzzy Hash: 0818ae7443608623bf50c481100ad4d28c9c060e0e2ec59b4703eaf809c9ecb8
          • Instruction Fuzzy Hash: 9690022124144802D140715C8854747000ED7D0601F56C015A0025554EC61A8A656BB1
          Function 01AA3010 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 33f2b32b87d67d52a80efcdc0f86975938b0db9e4a1f9a89d1120ef31935e284
          • Instruction ID: d318abd0305ae12ce42356d976c8cf3c7b8ecb96d0444dd4ee2b47e3f83e5242
          • Opcode Fuzzy Hash: 33f2b32b87d67d52a80efcdc0f86975938b0db9e4a1f9a89d1120ef31935e284
          • Instruction Fuzzy Hash: 3E90022120188442D140725C4C44B4F410D97E1202F96C01DA4157554DC91989555B21
          Function 01AA39B0 Relevance: .0, Instructions: 4COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9fc7c236d7ac4063eddda0cf3786dcd7268ea225a582ab5bad6c458e4c0f36b1
          • Instruction ID: 8a81e492c42843af9b2c6f4952b932e8cf94567d84b05ba265e3b93ec447967f
          • Opcode Fuzzy Hash: 9fc7c236d7ac4063eddda0cf3786dcd7268ea225a582ab5bad6c458e4c0f36b1
          • Instruction Fuzzy Hash: 0590022124549102D150715C4844656400DB7E0201F56C025A0815594EC55989556721
          Function 01AA2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
          • Instruction ID: 13d512d5140e679bfda04669b3a76830754d4f4709cb1f3a7db6e75aa6e4440d
          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
          • Instruction Fuzzy Hash:
          Function 01AA2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
          • API String ID: 48624451-2108815105
          • Opcode ID: 9a58fb5acd71173446ca8ceb30769b27fdd4676d1e4928a38031e6600278f0e1
          • Instruction ID: 542441c8bd0945dd6ff54eec24e202d29e1754729a10c77cbe357045b76df461
          • Opcode Fuzzy Hash: 9a58fb5acd71173446ca8ceb30769b27fdd4676d1e4928a38031e6600278f0e1
          • Instruction Fuzzy Hash: A151F8B2A04556BFCB11DFADC9C0A7EFBB8BB48640B94816AF465D7641D334DE1087E0
          Function 01B12410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
          • API String ID: 48624451-2108815105
          • Opcode ID: 9380c0c2a88343a939420c99bd219509a988564c9844121d827e21402b971757
          • Instruction ID: aade3c8ae451731c969371f2fd01958e8c4b6f81075bf18b06f0cedf0f7e58f4
          • Opcode Fuzzy Hash: 9380c0c2a88343a939420c99bd219509a988564c9844121d827e21402b971757
          • Instruction Fuzzy Hash: 17510571A00645AEDF38DF9CC99097FBBF8EF44200BA584E9E596C7646E774DA008760
          Function 01A97630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
          Download Yara Rule
          Strings
          • ExecuteOptions, xrefs: 01AD46A0
          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01AD46FC
          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01AD4742
          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01AD4655
          • CLIENT(ntdll): Processing section info %ws..., xrefs: 01AD4787
          • Execute=1, xrefs: 01AD4713
          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01AD4725
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
          • API String ID: 0-484625025
          • Opcode ID: 7378a1cf98b54eed76dc12459b60b7ff656cc8008fe495c054bc3b65d8a87e7d
          • Instruction ID: 21642e450f120f339b2c769c0b58b715c6fb7f5eb847aee51c962fb34cc71179
          • Opcode Fuzzy Hash: 7378a1cf98b54eed76dc12459b60b7ff656cc8008fe495c054bc3b65d8a87e7d
          • Instruction Fuzzy Hash: CC5109316102197BEF11AFE9DD89FBE77F8EF58300F080099D605AB181E7709A858FA0
          Function 01B36940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
          Download Yara Rule
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
          • Instruction ID: 7d4b540db99fe06cfa421d68de311b326063fa0884794c99e4ba8b67bea87a98
          • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
          • Instruction Fuzzy Hash: 27022671508342AFD709CF18C590A6FBBE5EFC8700F448A6DF9998B264DB31EA15CB52
          Function 01AAB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: __aulldvrm
          • String ID: +$-$0$0
          • API String ID: 1302938615-699404926
          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
          • Instruction ID: 37116f5cd9db83c16e531d3282a7a68fc70cc9fe1c5ba67ff8e2f1e452b3d197
          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
          • Instruction Fuzzy Hash: 9D818070E062499EEF25CF6CC8917FEBFB2AF45320F9C425AD861A7291C77498408B71
          Function 01B120E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: %%%u$[$]:%u
          • API String ID: 48624451-2819853543
          • Opcode ID: fca2e6d9daa210e92b7bd88f9910c3e8ccd823be1a1330334954757f4b53417e
          • Instruction ID: 22881ba6a99758ecd640eed91ae0bddbfd0c47c06e46829d8f6a5f2f80d9ae3b
          • Opcode Fuzzy Hash: fca2e6d9daa210e92b7bd88f9910c3e8ccd823be1a1330334954757f4b53417e
          • Instruction Fuzzy Hash: 8821957AE00119ABDB14DF7ACD40AFEBBF8EF54650F550196E905E3205E730DA118BA0
          Function 01A8F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
          Download Yara Rule
          Strings
          • RTL: Re-Waiting, xrefs: 01AD031E
          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01AD02BD
          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01AD02E7
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
          • API String ID: 0-2474120054
          • Opcode ID: 3b2281e200762f6ebb8a478cd6fca5ad0d32f8e64c87adebd86418afd9b7a90b
          • Instruction ID: f389ca07d8eb2fe095b28c6c1082122ceea144a1a5678141fac7e739428735eb
          • Opcode Fuzzy Hash: 3b2281e200762f6ebb8a478cd6fca5ad0d32f8e64c87adebd86418afd9b7a90b
          • Instruction Fuzzy Hash: E5E1AE30604B429FE725EF28C984B2ABBE0BF84314F140A6DF5A6CB2E1D774D945CB52
          Function 01A9B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
          Download Yara Rule
          APIs
          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AD728C
          Strings
          • RTL: Resource at %p, xrefs: 01AD72A3
          • RTL: Re-Waiting, xrefs: 01AD72C1
          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01AD7294
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
          • API String ID: 885266447-605551621
          • Opcode ID: 142c34bd4a01476d5eac7c0ceb581eae917909d9f1ad90c450219c264947036d
          • Instruction ID: d57cc324decff36b11b2e6e90460fda8271541279c03dbfa5814e48c1c746ed9
          • Opcode Fuzzy Hash: 142c34bd4a01476d5eac7c0ceb581eae917909d9f1ad90c450219c264947036d
          • Instruction Fuzzy Hash: 3A410031700642ABCB25DF69CC41F6AB7E5FB94714F140619F956AB241DB30E8528BE1
          Function 01B12300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
          Download Yara Rule
          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID: ___swprintf_l
          • String ID: %%%u$]:%u
          • API String ID: 48624451-3050659472
          • Opcode ID: d65f1d7f960f9326be9bef81f24c5083213c3fda186fb343a7034331c1ecb03c
          • Instruction ID: e47786ad680efa46c29fda01e7b678dd00b40b68d1e14917e7d04c3ae330fb9a
          • Opcode Fuzzy Hash: d65f1d7f960f9326be9bef81f24c5083213c3fda186fb343a7034331c1ecb03c
          • Instruction Fuzzy Hash: C2318772A002199FDB24DF29DD80BEEB7B8EF54650F9545D5E949E3204EB30AA448B60
          Function 01A69126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
          Download Yara Rule
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.2856922715.0000000001A30000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A30000, based on PE: true
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_1a30000_INQUIRY 2024-SP000422-B(01) INQ24-_1.jbxd
          Similarity
          • API ID:
          • String ID: $$@
          • API String ID: 0-1194432280
          • Opcode ID: 4525061853e772f985a4e4324fa9d1dca84ea31f191a178fc493dbf421798b16
          • Instruction ID: 7f30f6ce14a0994a82bfedd285863c35aa81a9984ebec62fbfd0b9c4673c6581
          • Opcode Fuzzy Hash: 4525061853e772f985a4e4324fa9d1dca84ea31f191a178fc493dbf421798b16
          • Instruction Fuzzy Hash: 3B810A71D00269DBDB35DB54CD44BEABBB8AB48754F0441EAEA19B7280E7705E84CFA0