Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
L3pFsxNFICpBGmi.exe

Overview

General Information

Sample name:L3pFsxNFICpBGmi.exe
Analysis ID:1482902
MD5:24bb9c65918d0110cd3175a206ec1a4f
SHA1:851184f625d91154bf84a37f6fce380ab96e1770
SHA256:2ce56b77aff14fba64510a678e42154864d96f445f8fcb28a398fecb18b2d6d4
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • L3pFsxNFICpBGmi.exe (PID: 6536 cmdline: "C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe" MD5: 24BB9C65918D0110CD3175A206EC1A4F)
    • powershell.exe (PID: 5208 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7088 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 5344 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 2104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • L3pFsxNFICpBGmi.exe (PID: 6448 cmdline: "C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe" MD5: 24BB9C65918D0110CD3175A206EC1A4F)
  • VgPjxShbdbBH.exe (PID: 3580 cmdline: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe MD5: 24BB9C65918D0110CD3175A206EC1A4F)
    • schtasks.exe (PID: 7000 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp5CCE.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • VgPjxShbdbBH.exe (PID: 1172 cmdline: "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe" MD5: 24BB9C65918D0110CD3175A206EC1A4F)
    • VgPjxShbdbBH.exe (PID: 5944 cmdline: "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe" MD5: 24BB9C65918D0110CD3175A206EC1A4F)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2f773:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x17852:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000007.00000002.2368458197.0000000000BE0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000007.00000002.2368458197.0000000000BE0000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x2c200:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x142df:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      Process Memory Space: L3pFsxNFICpBGmi.exe PID: 6536JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
        Click to see the 1 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        7.2.L3pFsxNFICpBGmi.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          7.2.L3pFsxNFICpBGmi.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2f773:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x17852:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          7.2.L3pFsxNFICpBGmi.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            7.2.L3pFsxNFICpBGmi.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2e973:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x16a52:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe", ParentImage: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe, ParentProcessId: 6536, ParentProcessName: L3pFsxNFICpBGmi.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe", ProcessId: 5208, ProcessName: powershell.exe
            Sigma detected: Powershell Defender Exclusion
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe", ParentImage: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe, ParentProcessId: 6536, ParentProcessName: L3pFsxNFICpBGmi.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe", ProcessId: 5208, ProcessName: powershell.exe
            Sigma detected: Suspicious Add Scheduled Task Parent
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp5CCE.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp5CCE.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe, ParentImage: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe, ParentProcessId: 3580, ParentProcessName: VgPjxShbdbBH.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp5CCE.tmp", ProcessId: 7000, ProcessName: schtasks.exe
            Sigma detected: Suspicious Schtasks From Env Var Folder
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe", ParentImage: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe, ParentProcessId: 6536, ParentProcessName: L3pFsxNFICpBGmi.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp", ProcessId: 5344, ProcessName: schtasks.exe
            Sigma detected: Non Interactive PowerShell Process Spawned
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe", ParentImage: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe, ParentProcessId: 6536, ParentProcessName: L3pFsxNFICpBGmi.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe", ProcessId: 5208, ProcessName: powershell.exe

            Persistence and Installation Behavior

            barindex
            Sigma detected: Scheduled temp file as task from temp location
            Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe", ParentImage: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe, ParentProcessId: 6536, ParentProcessName: L3pFsxNFICpBGmi.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp", ProcessId: 5344, ProcessName: schtasks.exe

            Snort Signatures

            No Snort rule has matched

            Suricata Signatures

            Timestamp:2024-07-26T10:55:31.051870+0200
            SID:2022930
            Source Port:443
            Destination Port:59209
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-07-26T10:55:30.042277+0200
            SID:2022930
            Source Port:443
            Destination Port:59208
            Protocol:TCP
            Classtype:A Network Trojan was detected
            Timestamp:2024-07-26T10:55:10.961195+0200
            SID:2022930
            Source Port:443
            Destination Port:49717
            Protocol:TCP
            Classtype:A Network Trojan was detected

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Multi AV Scanner detection for dropped file
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeReversingLabs: Detection: 79%
            Multi AV Scanner detection for submitted file
            Source: L3pFsxNFICpBGmi.exeVirustotal: Detection: 35%Perma Link
            Source: L3pFsxNFICpBGmi.exeReversingLabs: Detection: 83%
            Yara detected FormBook
            Source: Yara matchFile source: 7.2.L3pFsxNFICpBGmi.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 7.2.L3pFsxNFICpBGmi.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2368458197.0000000000BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for dropped file
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeJoe Sandbox ML: detected
            Machine Learning detection for sample
            Source: L3pFsxNFICpBGmi.exeJoe Sandbox ML: detected
            Source: L3pFsxNFICpBGmi.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: L3pFsxNFICpBGmi.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: qVcY.pdb- source: L3pFsxNFICpBGmi.exe, 00000000.00000002.2177605427.000000000703A000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: L3pFsxNFICpBGmi.exe, 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: L3pFsxNFICpBGmi.exe, L3pFsxNFICpBGmi.exe, 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: qVcY.pdb source: L3pFsxNFICpBGmi.exe, VgPjxShbdbBH.exe.0.dr
            Source: Binary string: qVcY.pdbSHA256 source: L3pFsxNFICpBGmi.exe, VgPjxShbdbBH.exe.0.dr
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 4x nop then jmp 06E30D4Dh0_2_06E30CE8
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 4x nop then jmp 06E30D4Dh0_2_06E30CD8
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 4x nop then jmp 06E30D4Dh0_2_06E30C91
            Source: unknownDNS traffic detected: query: 15.164.165.52.in-addr.arpa replaycode: Name error (3)
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficDNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
            Source: L3pFsxNFICpBGmi.exe, 00000000.00000002.2160601217.0000000002861000.00000004.00000800.00020000.00000000.sdmp, VgPjxShbdbBH.exe, 00000009.00000002.2307859481.00000000033C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

            E-Banking Fraud

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 7.2.L3pFsxNFICpBGmi.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 7.2.L3pFsxNFICpBGmi.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2368458197.0000000000BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 7.2.L3pFsxNFICpBGmi.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 7.2.L3pFsxNFICpBGmi.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.2368458197.0000000000BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0042CA43 NtClose,7_2_0042CA43
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0040AD92 NtDelayExecution,7_2_0040AD92
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_01122DF0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_01122C70
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011235C0 NtCreateMutant,LdrInitializeThunk,7_2_011235C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01124340 NtSetContextThread,7_2_01124340
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01124650 NtSuspendThread,7_2_01124650
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122B60 NtClose,7_2_01122B60
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122B80 NtQueryInformationFile,7_2_01122B80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122BA0 NtEnumerateValueKey,7_2_01122BA0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122BF0 NtAllocateVirtualMemory,7_2_01122BF0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122BE0 NtQueryValueKey,7_2_01122BE0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122AB0 NtWaitForSingleObject,7_2_01122AB0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122AD0 NtReadFile,7_2_01122AD0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122AF0 NtWriteFile,7_2_01122AF0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122D10 NtMapViewOfSection,7_2_01122D10
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122D00 NtSetInformationFile,7_2_01122D00
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122D30 NtUnmapViewOfSection,7_2_01122D30
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122DB0 NtEnumerateKey,7_2_01122DB0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122DD0 NtDelayExecution,7_2_01122DD0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122C00 NtQueryInformationProcess,7_2_01122C00
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122C60 NtCreateKey,7_2_01122C60
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122CA0 NtQueryInformationToken,7_2_01122CA0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122CC0 NtQueryVirtualMemory,7_2_01122CC0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122CF0 NtOpenProcess,7_2_01122CF0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122F30 NtCreateSection,7_2_01122F30
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122F60 NtCreateProcessEx,7_2_01122F60
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122F90 NtProtectVirtualMemory,7_2_01122F90
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122FB0 NtResumeThread,7_2_01122FB0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122FA0 NtQuerySection,7_2_01122FA0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122FE0 NtCreateFile,7_2_01122FE0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122E30 NtWriteVirtualMemory,7_2_01122E30
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122E80 NtReadVirtualMemory,7_2_01122E80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122EA0 NtAdjustPrivilegesToken,7_2_01122EA0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122EE0 NtQueueApcThread,7_2_01122EE0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01123010 NtOpenDirectoryObject,7_2_01123010
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01123090 NtSetValueKey,7_2_01123090
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011239B0 NtGetContextThread,7_2_011239B0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01123D10 NtOpenProcessToken,7_2_01123D10
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01123D70 NtOpenThread,7_2_01123D70
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06E32E500_2_06E32E50
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06E34ADA0_2_06E34ADA
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06FF04480_2_06FF0448
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06FFA2B80_2_06FFA2B8
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06FFE6300_2_06FFE630
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06FFEEA00_2_06FFEEA0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06FF6FF80_2_06FF6FF8
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06FF6FCE0_2_06FF6FCE
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06FFEA680_2_06FFEA68
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_07466F200_2_07466F20
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_074604780_2_07460478
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_074600400_2_07460040
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_074600060_2_07460006
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06E322780_2_06E32278
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06E330080_2_06E33008
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0042F0637_2_0042F063
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_004029907_2_00402990
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_004102EA7_2_004102EA
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_004102F37_2_004102F3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_004033207_2_00403320
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_00416BC37_2_00416BC3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_00416BBE7_2_00416BBE
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_004105137_2_00410513
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0040E5937_2_0040E593
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_004026107_2_00402610
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_00402EC07_2_00402EC0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0040E76B7_2_0040E76B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118A1187_2_0118A118
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E01007_2_010E0100
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011781587_2_01178158
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B01AA7_2_011B01AA
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A41A27_2_011A41A2
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A81CC7_2_011A81CC
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011820007_2_01182000
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AA3527_2_011AA352
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B03E67_2_011B03E6
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FE3F07_2_010FE3F0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011902747_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011702C07_2_011702C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F05357_2_010F0535
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B05917_2_011B0591
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011944207_2_01194420
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A24467_2_011A2446
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0119E4F67_2_0119E4F6
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011147507_2_01114750
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F07707_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EC7C07_2_010EC7C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110C6E07_2_0110C6E0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011069627_2_01106962
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A07_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011BA9A67_2_011BA9A6
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F28407_2_010F2840
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FA8407_2_010FA840
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010D68B87_2_010D68B8
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E8F07_2_0111E8F0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AAB407_2_011AAB40
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A6BD77_2_011A6BD7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EEA807_2_010EEA80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118CD1F7_2_0118CD1F
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FAD007_2_010FAD00
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01108DBF7_2_01108DBF
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EADE07_2_010EADE0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0C007_2_010F0C00
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190CB57_2_01190CB5
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E0CF27_2_010E0CF2
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01110F307_2_01110F30
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01192F307_2_01192F30
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01132F287_2_01132F28
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01164F407_2_01164F40
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116EFA07_2_0116EFA0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E2FC87_2_010E2FC8
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FCFE07_2_010FCFE0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AEE267_2_011AEE26
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0E597_2_010F0E59
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01102E907_2_01102E90
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011ACE937_2_011ACE93
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AEEDB7_2_011AEEDB
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011BB16B7_2_011BB16B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0112516C7_2_0112516C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DF1727_2_010DF172
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FB1B07_2_010FB1B0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F70C07_2_010F70C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0119F0CC7_2_0119F0CC
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A70E97_2_011A70E9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AF0E07_2_011AF0E0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A132D7_2_011A132D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DD34C7_2_010DD34C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0113739A7_2_0113739A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F52A07_2_010F52A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110B2C07_2_0110B2C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011912ED7_2_011912ED
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A75717_2_011A7571
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118D5B07_2_0118D5B0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B95C37_2_011B95C3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AF43F7_2_011AF43F
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E14607_2_010E1460
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AF7B07_2_011AF7B0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011356307_2_01135630
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A16CC7_2_011A16CC
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011859107_2_01185910
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110B9507_2_0110B950
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F99507_2_010F9950
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115D8007_2_0115D800
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F38E07_2_010F38E0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AFB767_2_011AFB76
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110FB807_2_0110FB80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01165BF07_2_01165BF0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0112DBF97_2_0112DBF9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AFA497_2_011AFA49
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A7A467_2_011A7A46
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01163A6C7_2_01163A6C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01135AA07_2_01135AA0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118DAAC7_2_0118DAAC
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01191AA37_2_01191AA3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0119DAC67_2_0119DAC6
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A1D5A7_2_011A1D5A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F3D407_2_010F3D40
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A7D737_2_011A7D73
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110FDC07_2_0110FDC0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01169C327_2_01169C32
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AFCF27_2_011AFCF2
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AFF097_2_011AFF09
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F1F927_2_010F1F92
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AFFB17_2_011AFFB1
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010B3FD27_2_010B3FD2
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010B3FD57_2_010B3FD5
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F9EB07_2_010F9EB0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 9_2_076004489_2_07600448
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 9_2_0760A2B89_2_0760A2B8
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 9_2_0760E6309_2_0760E630
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 9_2_07606FF79_2_07606FF7
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 9_2_07606FF89_2_07606FF8
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 9_2_0760EEA09_2_0760EEA0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 9_2_0760EA689_2_0760EA68
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 9_2_07A804789_2_07A80478
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 9_2_07A862509_2_07A86250
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 9_2_07A800409_2_07A80040
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0131010013_2_01310100
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0136600013_2_01366000
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_013A02C013_2_013A02C0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0132053513_2_01320535
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0132077013_2_01320770
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0134475013_2_01344750
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0131C7C013_2_0131C7C0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0133C6E013_2_0133C6E0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0133696213_2_01336962
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_013229A013_2_013229A0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0132A84013_2_0132A840
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0132284013_2_01322840
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_013068B813_2_013068B8
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0135889013_2_01358890
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0134E8F013_2_0134E8F0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0131EA8013_2_0131EA80
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0132AD0013_2_0132AD00
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0132ED7A13_2_0132ED7A
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01338DBF13_2_01338DBF
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0131ADE013_2_0131ADE0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01328DC013_2_01328DC0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01320C0013_2_01320C00
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01310CF213_2_01310CF2
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01340F3013_2_01340F30
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01362F2813_2_01362F28
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01394F4013_2_01394F40
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0139EFA013_2_0139EFA0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01312FC813_2_01312FC8
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01320E5913_2_01320E59
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01332E9013_2_01332E90
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0130F17213_2_0130F172
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0135516C13_2_0135516C
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0132B1B013_2_0132B1B0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0130D34C13_2_0130D34C
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_013233F313_2_013233F3
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_013252A013_2_013252A0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0133D2F013_2_0133D2F0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0133B2C013_2_0133B2C0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0131146013_2_01311460
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0132349713_2_01323497
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_013674E013_2_013674E0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0132B73013_2_0132B730
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0132995013_2_01329950
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0133B95013_2_0133B950
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0132599013_2_01325990
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0138D80013_2_0138D800
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_013238E013_2_013238E0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0133FB8013_2_0133FB80
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01395BF013_2_01395BF0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0135DBF913_2_0135DBF9
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01393A6C13_2_01393A6C
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01323D4013_2_01323D40
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0133FDC013_2_0133FDC0
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01399C3213_2_01399C32
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01339C2013_2_01339C20
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01321F9213_2_01321F92
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01329EB013_2_01329EB0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: String function: 01125130 appears 58 times
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: String function: 0116F290 appears 105 times
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: String function: 010DB970 appears 280 times
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: String function: 01137E54 appears 111 times
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: String function: 0115EA12 appears 86 times
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: String function: 01367E54 appears 97 times
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: String function: 0138EA12 appears 37 times
            Source: L3pFsxNFICpBGmi.exe, 00000000.00000002.2161205330.0000000003A3E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs L3pFsxNFICpBGmi.exe
            Source: L3pFsxNFICpBGmi.exe, 00000000.00000002.2159682582.00000000009EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs L3pFsxNFICpBGmi.exe
            Source: L3pFsxNFICpBGmi.exe, 00000000.00000002.2179546143.0000000007280000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs L3pFsxNFICpBGmi.exe
            Source: L3pFsxNFICpBGmi.exe, 00000000.00000002.2160601217.0000000002861000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMML.dll2 vs L3pFsxNFICpBGmi.exe
            Source: L3pFsxNFICpBGmi.exe, 00000000.00000002.2178360469.0000000007200000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMML.dll2 vs L3pFsxNFICpBGmi.exe
            Source: L3pFsxNFICpBGmi.exe, 00000000.00000000.2136997645.0000000000504000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameqVcY.exe2 vs L3pFsxNFICpBGmi.exe
            Source: L3pFsxNFICpBGmi.exe, 00000007.00000002.2369047392.00000000011DD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs L3pFsxNFICpBGmi.exe
            Source: L3pFsxNFICpBGmi.exeBinary or memory string: OriginalFilenameqVcY.exe2 vs L3pFsxNFICpBGmi.exe
            Source: L3pFsxNFICpBGmi.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 7.2.L3pFsxNFICpBGmi.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 7.2.L3pFsxNFICpBGmi.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.2368458197.0000000000BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: L3pFsxNFICpBGmi.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: VgPjxShbdbBH.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, vRsUOtLODDDDFdDlot.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, rsTBOyOF7WfQBcJnO8.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, rsTBOyOF7WfQBcJnO8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, rsTBOyOF7WfQBcJnO8.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, rsTBOyOF7WfQBcJnO8.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, rsTBOyOF7WfQBcJnO8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, rsTBOyOF7WfQBcJnO8.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, vRsUOtLODDDDFdDlot.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, rsTBOyOF7WfQBcJnO8.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, rsTBOyOF7WfQBcJnO8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, rsTBOyOF7WfQBcJnO8.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, vRsUOtLODDDDFdDlot.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engineClassification label: mal100.troj.evad.winEXE@18/11@1/0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeFile created: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5336:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2104:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5680:120:WilError_03
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeFile created: C:\Users\user\AppData\Local\Temp\tmp4C43.tmpJump to behavior
            Source: L3pFsxNFICpBGmi.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: L3pFsxNFICpBGmi.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: L3pFsxNFICpBGmi.exeVirustotal: Detection: 35%
            Source: L3pFsxNFICpBGmi.exeReversingLabs: Detection: 83%
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeFile read: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe "C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe"
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp"
            Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess created: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe "C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: unknownProcess created: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp5CCE.tmp"
            Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess created: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess created: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"Jump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp"Jump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess created: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe "C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp5CCE.tmp"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess created: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess created: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"Jump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: L3pFsxNFICpBGmi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: L3pFsxNFICpBGmi.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: L3pFsxNFICpBGmi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: qVcY.pdb- source: L3pFsxNFICpBGmi.exe, 00000000.00000002.2177605427.000000000703A000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdbUGP source: L3pFsxNFICpBGmi.exe, 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: L3pFsxNFICpBGmi.exe, L3pFsxNFICpBGmi.exe, 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: qVcY.pdb source: L3pFsxNFICpBGmi.exe, VgPjxShbdbBH.exe.0.dr
            Source: Binary string: qVcY.pdbSHA256 source: L3pFsxNFICpBGmi.exe, VgPjxShbdbBH.exe.0.dr

            Data Obfuscation

            barindex
            .NET source code contains potential unpacker
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, rsTBOyOF7WfQBcJnO8.cs.Net Code: oxCmLb4yxk System.Reflection.Assembly.Load(byte[])
            Source: 0.2.L3pFsxNFICpBGmi.exe.7200000.3.raw.unpack, -.cs.Net Code: _0001 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.L3pFsxNFICpBGmi.exe.7200000.3.raw.unpack, PingPong.cs.Net Code: Justy
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, rsTBOyOF7WfQBcJnO8.cs.Net Code: oxCmLb4yxk System.Reflection.Assembly.Load(byte[])
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, rsTBOyOF7WfQBcJnO8.cs.Net Code: oxCmLb4yxk System.Reflection.Assembly.Load(byte[])
            Source: 0.2.L3pFsxNFICpBGmi.exe.288a0e4.0.raw.unpack, -.cs.Net Code: _0001 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.L3pFsxNFICpBGmi.exe.288a0e4.0.raw.unpack, PingPong.cs.Net Code: Justy
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06E39801 push 9806E4BEh; iretd 0_2_06E3980D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06FFC8CB push esp; ret 0_2_06FFC8D1
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 0_2_06FFD9E8 push eax; iretd 0_2_06FFD9E9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0041F80D pushad ; iretd 7_2_0041F82A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0041F83A pushad ; iretd 7_2_0041F82A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0040D83D push 024B2A5Ch; iretd 7_2_0040D85E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_00419287 push eax; iretd 7_2_00419288
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_00423BE8 push ss; iretd 7_2_00423BEE
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_00424397 push 00000068h; retf 7_2_00424399
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0040D473 push ebx; iretd 7_2_0040D475
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_004194AF push esi; iretd 7_2_004194B0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_00403570 push eax; ret 7_2_00403572
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0040D64B push DD34D148h; ret 7_2_0040D650
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_00414F0D push ss; iretd 7_2_00414F0E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010B225F pushad ; ret 7_2_010B27F9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010B27FA pushad ; ret 7_2_010B27F9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E09AD push ecx; mov dword ptr [esp], ecx7_2_010E09B6
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010B283D push eax; iretd 7_2_010B2858
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010B1366 push eax; iretd 7_2_010B1369
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 9_2_0760D9E8 push eax; iretd 9_2_0760D9E9
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 9_2_0760C8CA push esp; ret 9_2_0760C8D1
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0135C54D pushfd ; ret 13_2_0135C54E
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0135C54F push 8B012E67h; ret 13_2_0135C554
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_013109AD push ecx; mov dword ptr [esp], ecx13_2_013109B6
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_0135C9D7 push edi; ret 13_2_0135C9D9
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_012E1368 push eax; iretd 13_2_012E1369
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_012E1FEC push eax; iretd 13_2_012E1FED
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeCode function: 13_2_01367E99 push ecx; ret 13_2_01367EAC
            Source: L3pFsxNFICpBGmi.exeStatic PE information: section name: .text entropy: 7.92691719537184
            Source: VgPjxShbdbBH.exe.0.drStatic PE information: section name: .text entropy: 7.92691719537184
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, Mf9fGZCUtxLE1lxTi2.csHigh entropy of concatenated method names: 'yfm4ZdOayl', 'WNT4KhmF0q', 'Jia426vlpP', 'hjp4QvqV0u', 'hhm4qJR8oa', 'cB743lsnZt', 'e0Q371GZHYDfaM4FCD', 'pXgPYJ4kvqCljDTQHc', 'wnYL6Z1pxqvdhkS9Q1', 'RX244dg40c'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, E0lA2XkHhq24UrfrL2S.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'LfxbIj3oas', 'kkqbuQu0tE', 'oRLb9JMsc1', 'rFnb09dDp1', 'w2jbTrsBor', 'j8Ebh6CxvI', 's7xbgtNSqG'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, gAgUdLkkn3pE9McEd3O.csHigh entropy of concatenated method names: 'ToString', 'Xq0bVPhAIC', 'DrcbmkMGfJ', 'qjBbNxk0hH', 'afebPl1SXl', 'hfCbcCxrt3', 'oF1bYGlgQ4', 'Lx9bOBWiL6', 'cqeuQHrEGvW6Bc0Ky3c', 'RNQOFRrggq7GYEis471'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, o4jfPcyns5C1jwO5Ml.csHigh entropy of concatenated method names: 'kXfYiCie0T', 'aMuY5Wciyt', 'lhVYfj6xCh', 'MFYYF9Zllx', 'oH8YqJBpeM', 'evXY3Sf3jZ', 'KMnYMQEtKZ', 'yqLYvj5SKW', 'mJVYoecjLU', 'WtiYb5rg2r'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, WXZTa3wOMcwmvT2dy5.csHigh entropy of concatenated method names: 'HCqq8ky7V6', 'DxAq7yW6Js', 'wOjqISZm3m', 'HNequ25xgD', 'gRLqHlLXnm', 'FiEqdDUF69', 'HhgqDAOLul', 'kUsq1uOoXp', 'oIoqlLwcOA', 'Sr2qeAVSHw'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, m8imPH8RDiKdEpb5Cu.csHigh entropy of concatenated method names: 'tL0LBe6mU', 'SZfijWbpJ', 'UXe5KJUgq', 'Y8fUMcGEo', 'kFYFOrOtf', 'TCCCkve7s', 'UgOUDr899Ib6RMAy4C', 'akjlqxEDyPNdGo0mxs', 'pBrv4qT9V', 'jfLbPFsvJ'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, vRsUOtLODDDDFdDlot.csHigh entropy of concatenated method names: 'AZscItTqYL', 'cuccuGrhRr', 'sARc9yrEQi', 'kcuc0hVXYP', 'JOecTu1RfO', 'diDchjAeQj', 't85cg8UhVq', 'sLRcxFnGdA', 'iHfcRewb8Y', 'FZTcJmqnIp'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, hXOejlIqi6RstsrJkQ.csHigh entropy of concatenated method names: 'rAuZyCA1MO', 'XKhZXonxBk', 'IVjZLrpD8C', 'tkGZiA4sH5', 'OUrZ6XrXmg', 'zl7Z5s2VNW', 'UapZU3d8Gc', 'UntZfYph9G', 'fXsZFhbUXr', 'gDaZCXKkRR'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, OfEwCHr7TwVojPnX3J.csHigh entropy of concatenated method names: 'yQLrf6E2MW', 'cx1rFR89TO', 'VChrWEMaO8', 'ei5rHi7tFs', 'SBlrDuPVY2', 'IXsr1UlOIx', 'BnvreaEona', 'eCjrGAC6Xk', 'IElr8AIMfb', 'oNfrAPPXFv'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, rtN0ht0FqLVQlHkL8d.csHigh entropy of concatenated method names: 'uFTo4HEt5Z', 'o5NoVuyIU7', 'LJJom7YeC4', 'zAKoP0xojf', 'CCCocNf7xi', 'sFHoOKUlY9', 'xOWoSEq9fq', 'WpRvgJpJ8y', 'CYHvxBUEse', 'bQbvRr7wCc'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, dqL8rN4QOXDT7rVqEb.csHigh entropy of concatenated method names: 'x2WvW5Ugp0', 'hpbvH4GUFn', 'PbMvdjaKRo', 'K0EvDhcDcV', 'poCvIf1tva', 'OZTv1ZvVqZ', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, MoCqVYkqqcmxrpVO3KG.csHigh entropy of concatenated method names: 'L8coyTQwgM', 'wHIoXfJNI2', 'NeLoLKyR5L', 'PKxoiFcKGB', 'f9ro6CCVpf', 'eUuo5oyvtS', 'EBqoUAoFRI', 'zSMoffv33Y', 'Y1yoFkqV3h', 'CYToCrNyyj'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, jGh0f6da7wPlrjUftu.csHigh entropy of concatenated method names: 's9vvPuDBap', 'VdXvcB9fXd', 'tFdvYuhD1t', 'iGMvOnOyrk', 'xvwvSqUol2', 'hiJvZW0goZ', 'oa8vKXRIwD', 'wAGvnOYAbO', 'QsNv2Hsj5l', 'jqovQi9GI8'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, MLZsOCVH9oEcSAMSXk.csHigh entropy of concatenated method names: 'LgPMxiL0AW', 'U15MJSnL4i', 'rNVvaJ4MXC', 'Ctkv4GGM7x', 'i3nMAEDlnh', 'iRbM7U6djy', 'XM8Mw8ZOlY', 'YZeMIh4HoV', 'EbUMu0gCOL', 'jtkM9Gvaaa'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, rsTBOyOF7WfQBcJnO8.csHigh entropy of concatenated method names: 'WGxVNL7rXJ', 'ibvVPh4U9s', 'PRjVcouqg0', 'FNdVYEe8qh', 'B8CVOfXgLu', 'iSPVS6lKoG', 'P1CVZ7S6Fx', 'rtjVKDsO94', 'aLKVnYAJRS', 'BdcV2F1fYS'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, lX8mGBzbZKqfy9eq3E.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'IflorU8eu6', 'fn7oq2pcpi', 'VORo3DJRjS', 'g6woM50kpH', 'cSAov48fLs', 'ULaoo3maaX', 'NyEob1pJE4'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, lipLHQA0HXPkqBR4Xo.csHigh entropy of concatenated method names: 'tTfM2whN7w', 'x0lMQ0MlUu', 'ToString', 'DK0MPOMj8f', 'IhQMccvJ5y', 'QLCMYakgXx', 'mpLMOEA56i', 'GmrMSvSuqi', 'fP6MZW0Qqq', 'DgvMKIN1JH'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, KZBhJ4sOaOwuQCN5j1.csHigh entropy of concatenated method names: 'Dispose', 'Guj4RaYSGi', 'N3MpHjPej3', 'Xm8BBqHEC3', 'Cd74JxqlrQ', 'kM44zxs1qD', 'ProcessDialogKey', 'NB4pa6jTy7', 'c89p4jf46R', 'UaCppnCd07'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, PAdjSefqVd3d1MbrPP.csHigh entropy of concatenated method names: 'y4rZPNbbqR', 'yqqZYSsM6F', 'NE8ZSryJ1N', 'pOpSJycumZ', 'pmiSzluaOV', 'c7NZaqrIwW', 'HYYZ4nWFjV', 'KCJZpQY07w', 'N2XZVyX9vv', 'hcEZmklQib'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, bgWR3SlvGBnIBeVV8B.csHigh entropy of concatenated method names: 'ToString', 'lhu3AlUpI6', 'MG13HUCEKJ', 'ISJ3dtTTDW', 'XEi3D71vk3', 'rNx31IDaGC', 'MHG3lvuUl9', 'wdO3ekxdD2', 'qIt3GnFxMC', 'Mbm3t3XlFJ'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, U53nLycTvhMOpauPXv.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'CvspR2adLY', 'r6KpJF3alV', 'c5npzYdEow', 'bVoVamUGym', 'Ne5V4ry4Tr', 'njpVpRE06m', 'PhCVVjCdXU', 's13t5AHlJmIc2coLvXi'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3c69830.1.raw.unpack, qBl9b0GxTlxFFuCRK2.csHigh entropy of concatenated method names: 'KfpSNjMeG7', 'OnaScBadpM', 'G5xSOUX7vH', 'eOUSZ8EbGD', 'AHFSK2xpUH', 'gnkOTPa7Br', 'hL6Ohhp91e', 'y7bOgNVkGW', 'sGMOxRP4GS', 'wLoORbLJ8X'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, Mf9fGZCUtxLE1lxTi2.csHigh entropy of concatenated method names: 'yfm4ZdOayl', 'WNT4KhmF0q', 'Jia426vlpP', 'hjp4QvqV0u', 'hhm4qJR8oa', 'cB743lsnZt', 'e0Q371GZHYDfaM4FCD', 'pXgPYJ4kvqCljDTQHc', 'wnYL6Z1pxqvdhkS9Q1', 'RX244dg40c'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, E0lA2XkHhq24UrfrL2S.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'LfxbIj3oas', 'kkqbuQu0tE', 'oRLb9JMsc1', 'rFnb09dDp1', 'w2jbTrsBor', 'j8Ebh6CxvI', 's7xbgtNSqG'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, gAgUdLkkn3pE9McEd3O.csHigh entropy of concatenated method names: 'ToString', 'Xq0bVPhAIC', 'DrcbmkMGfJ', 'qjBbNxk0hH', 'afebPl1SXl', 'hfCbcCxrt3', 'oF1bYGlgQ4', 'Lx9bOBWiL6', 'cqeuQHrEGvW6Bc0Ky3c', 'RNQOFRrggq7GYEis471'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, o4jfPcyns5C1jwO5Ml.csHigh entropy of concatenated method names: 'kXfYiCie0T', 'aMuY5Wciyt', 'lhVYfj6xCh', 'MFYYF9Zllx', 'oH8YqJBpeM', 'evXY3Sf3jZ', 'KMnYMQEtKZ', 'yqLYvj5SKW', 'mJVYoecjLU', 'WtiYb5rg2r'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, WXZTa3wOMcwmvT2dy5.csHigh entropy of concatenated method names: 'HCqq8ky7V6', 'DxAq7yW6Js', 'wOjqISZm3m', 'HNequ25xgD', 'gRLqHlLXnm', 'FiEqdDUF69', 'HhgqDAOLul', 'kUsq1uOoXp', 'oIoqlLwcOA', 'Sr2qeAVSHw'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, m8imPH8RDiKdEpb5Cu.csHigh entropy of concatenated method names: 'tL0LBe6mU', 'SZfijWbpJ', 'UXe5KJUgq', 'Y8fUMcGEo', 'kFYFOrOtf', 'TCCCkve7s', 'UgOUDr899Ib6RMAy4C', 'akjlqxEDyPNdGo0mxs', 'pBrv4qT9V', 'jfLbPFsvJ'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, vRsUOtLODDDDFdDlot.csHigh entropy of concatenated method names: 'AZscItTqYL', 'cuccuGrhRr', 'sARc9yrEQi', 'kcuc0hVXYP', 'JOecTu1RfO', 'diDchjAeQj', 't85cg8UhVq', 'sLRcxFnGdA', 'iHfcRewb8Y', 'FZTcJmqnIp'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, hXOejlIqi6RstsrJkQ.csHigh entropy of concatenated method names: 'rAuZyCA1MO', 'XKhZXonxBk', 'IVjZLrpD8C', 'tkGZiA4sH5', 'OUrZ6XrXmg', 'zl7Z5s2VNW', 'UapZU3d8Gc', 'UntZfYph9G', 'fXsZFhbUXr', 'gDaZCXKkRR'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, OfEwCHr7TwVojPnX3J.csHigh entropy of concatenated method names: 'yQLrf6E2MW', 'cx1rFR89TO', 'VChrWEMaO8', 'ei5rHi7tFs', 'SBlrDuPVY2', 'IXsr1UlOIx', 'BnvreaEona', 'eCjrGAC6Xk', 'IElr8AIMfb', 'oNfrAPPXFv'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, rtN0ht0FqLVQlHkL8d.csHigh entropy of concatenated method names: 'uFTo4HEt5Z', 'o5NoVuyIU7', 'LJJom7YeC4', 'zAKoP0xojf', 'CCCocNf7xi', 'sFHoOKUlY9', 'xOWoSEq9fq', 'WpRvgJpJ8y', 'CYHvxBUEse', 'bQbvRr7wCc'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, dqL8rN4QOXDT7rVqEb.csHigh entropy of concatenated method names: 'x2WvW5Ugp0', 'hpbvH4GUFn', 'PbMvdjaKRo', 'K0EvDhcDcV', 'poCvIf1tva', 'OZTv1ZvVqZ', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, MoCqVYkqqcmxrpVO3KG.csHigh entropy of concatenated method names: 'L8coyTQwgM', 'wHIoXfJNI2', 'NeLoLKyR5L', 'PKxoiFcKGB', 'f9ro6CCVpf', 'eUuo5oyvtS', 'EBqoUAoFRI', 'zSMoffv33Y', 'Y1yoFkqV3h', 'CYToCrNyyj'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, jGh0f6da7wPlrjUftu.csHigh entropy of concatenated method names: 's9vvPuDBap', 'VdXvcB9fXd', 'tFdvYuhD1t', 'iGMvOnOyrk', 'xvwvSqUol2', 'hiJvZW0goZ', 'oa8vKXRIwD', 'wAGvnOYAbO', 'QsNv2Hsj5l', 'jqovQi9GI8'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, MLZsOCVH9oEcSAMSXk.csHigh entropy of concatenated method names: 'LgPMxiL0AW', 'U15MJSnL4i', 'rNVvaJ4MXC', 'Ctkv4GGM7x', 'i3nMAEDlnh', 'iRbM7U6djy', 'XM8Mw8ZOlY', 'YZeMIh4HoV', 'EbUMu0gCOL', 'jtkM9Gvaaa'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, rsTBOyOF7WfQBcJnO8.csHigh entropy of concatenated method names: 'WGxVNL7rXJ', 'ibvVPh4U9s', 'PRjVcouqg0', 'FNdVYEe8qh', 'B8CVOfXgLu', 'iSPVS6lKoG', 'P1CVZ7S6Fx', 'rtjVKDsO94', 'aLKVnYAJRS', 'BdcV2F1fYS'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, lX8mGBzbZKqfy9eq3E.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'IflorU8eu6', 'fn7oq2pcpi', 'VORo3DJRjS', 'g6woM50kpH', 'cSAov48fLs', 'ULaoo3maaX', 'NyEob1pJE4'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, lipLHQA0HXPkqBR4Xo.csHigh entropy of concatenated method names: 'tTfM2whN7w', 'x0lMQ0MlUu', 'ToString', 'DK0MPOMj8f', 'IhQMccvJ5y', 'QLCMYakgXx', 'mpLMOEA56i', 'GmrMSvSuqi', 'fP6MZW0Qqq', 'DgvMKIN1JH'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, KZBhJ4sOaOwuQCN5j1.csHigh entropy of concatenated method names: 'Dispose', 'Guj4RaYSGi', 'N3MpHjPej3', 'Xm8BBqHEC3', 'Cd74JxqlrQ', 'kM44zxs1qD', 'ProcessDialogKey', 'NB4pa6jTy7', 'c89p4jf46R', 'UaCppnCd07'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, PAdjSefqVd3d1MbrPP.csHigh entropy of concatenated method names: 'y4rZPNbbqR', 'yqqZYSsM6F', 'NE8ZSryJ1N', 'pOpSJycumZ', 'pmiSzluaOV', 'c7NZaqrIwW', 'HYYZ4nWFjV', 'KCJZpQY07w', 'N2XZVyX9vv', 'hcEZmklQib'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, bgWR3SlvGBnIBeVV8B.csHigh entropy of concatenated method names: 'ToString', 'lhu3AlUpI6', 'MG13HUCEKJ', 'ISJ3dtTTDW', 'XEi3D71vk3', 'rNx31IDaGC', 'MHG3lvuUl9', 'wdO3ekxdD2', 'qIt3GnFxMC', 'Mbm3t3XlFJ'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, U53nLycTvhMOpauPXv.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'CvspR2adLY', 'r6KpJF3alV', 'c5npzYdEow', 'bVoVamUGym', 'Ne5V4ry4Tr', 'njpVpRE06m', 'PhCVVjCdXU', 's13t5AHlJmIc2coLvXi'
            Source: 0.2.L3pFsxNFICpBGmi.exe.3be1a10.2.raw.unpack, qBl9b0GxTlxFFuCRK2.csHigh entropy of concatenated method names: 'KfpSNjMeG7', 'OnaScBadpM', 'G5xSOUX7vH', 'eOUSZ8EbGD', 'AHFSK2xpUH', 'gnkOTPa7Br', 'hL6Ohhp91e', 'y7bOgNVkGW', 'sGMOxRP4GS', 'wLoORbLJ8X'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, Mf9fGZCUtxLE1lxTi2.csHigh entropy of concatenated method names: 'yfm4ZdOayl', 'WNT4KhmF0q', 'Jia426vlpP', 'hjp4QvqV0u', 'hhm4qJR8oa', 'cB743lsnZt', 'e0Q371GZHYDfaM4FCD', 'pXgPYJ4kvqCljDTQHc', 'wnYL6Z1pxqvdhkS9Q1', 'RX244dg40c'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, E0lA2XkHhq24UrfrL2S.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'LfxbIj3oas', 'kkqbuQu0tE', 'oRLb9JMsc1', 'rFnb09dDp1', 'w2jbTrsBor', 'j8Ebh6CxvI', 's7xbgtNSqG'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, gAgUdLkkn3pE9McEd3O.csHigh entropy of concatenated method names: 'ToString', 'Xq0bVPhAIC', 'DrcbmkMGfJ', 'qjBbNxk0hH', 'afebPl1SXl', 'hfCbcCxrt3', 'oF1bYGlgQ4', 'Lx9bOBWiL6', 'cqeuQHrEGvW6Bc0Ky3c', 'RNQOFRrggq7GYEis471'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, o4jfPcyns5C1jwO5Ml.csHigh entropy of concatenated method names: 'kXfYiCie0T', 'aMuY5Wciyt', 'lhVYfj6xCh', 'MFYYF9Zllx', 'oH8YqJBpeM', 'evXY3Sf3jZ', 'KMnYMQEtKZ', 'yqLYvj5SKW', 'mJVYoecjLU', 'WtiYb5rg2r'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, WXZTa3wOMcwmvT2dy5.csHigh entropy of concatenated method names: 'HCqq8ky7V6', 'DxAq7yW6Js', 'wOjqISZm3m', 'HNequ25xgD', 'gRLqHlLXnm', 'FiEqdDUF69', 'HhgqDAOLul', 'kUsq1uOoXp', 'oIoqlLwcOA', 'Sr2qeAVSHw'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, m8imPH8RDiKdEpb5Cu.csHigh entropy of concatenated method names: 'tL0LBe6mU', 'SZfijWbpJ', 'UXe5KJUgq', 'Y8fUMcGEo', 'kFYFOrOtf', 'TCCCkve7s', 'UgOUDr899Ib6RMAy4C', 'akjlqxEDyPNdGo0mxs', 'pBrv4qT9V', 'jfLbPFsvJ'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, vRsUOtLODDDDFdDlot.csHigh entropy of concatenated method names: 'AZscItTqYL', 'cuccuGrhRr', 'sARc9yrEQi', 'kcuc0hVXYP', 'JOecTu1RfO', 'diDchjAeQj', 't85cg8UhVq', 'sLRcxFnGdA', 'iHfcRewb8Y', 'FZTcJmqnIp'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, hXOejlIqi6RstsrJkQ.csHigh entropy of concatenated method names: 'rAuZyCA1MO', 'XKhZXonxBk', 'IVjZLrpD8C', 'tkGZiA4sH5', 'OUrZ6XrXmg', 'zl7Z5s2VNW', 'UapZU3d8Gc', 'UntZfYph9G', 'fXsZFhbUXr', 'gDaZCXKkRR'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, OfEwCHr7TwVojPnX3J.csHigh entropy of concatenated method names: 'yQLrf6E2MW', 'cx1rFR89TO', 'VChrWEMaO8', 'ei5rHi7tFs', 'SBlrDuPVY2', 'IXsr1UlOIx', 'BnvreaEona', 'eCjrGAC6Xk', 'IElr8AIMfb', 'oNfrAPPXFv'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, rtN0ht0FqLVQlHkL8d.csHigh entropy of concatenated method names: 'uFTo4HEt5Z', 'o5NoVuyIU7', 'LJJom7YeC4', 'zAKoP0xojf', 'CCCocNf7xi', 'sFHoOKUlY9', 'xOWoSEq9fq', 'WpRvgJpJ8y', 'CYHvxBUEse', 'bQbvRr7wCc'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, dqL8rN4QOXDT7rVqEb.csHigh entropy of concatenated method names: 'x2WvW5Ugp0', 'hpbvH4GUFn', 'PbMvdjaKRo', 'K0EvDhcDcV', 'poCvIf1tva', 'OZTv1ZvVqZ', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, MoCqVYkqqcmxrpVO3KG.csHigh entropy of concatenated method names: 'L8coyTQwgM', 'wHIoXfJNI2', 'NeLoLKyR5L', 'PKxoiFcKGB', 'f9ro6CCVpf', 'eUuo5oyvtS', 'EBqoUAoFRI', 'zSMoffv33Y', 'Y1yoFkqV3h', 'CYToCrNyyj'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, jGh0f6da7wPlrjUftu.csHigh entropy of concatenated method names: 's9vvPuDBap', 'VdXvcB9fXd', 'tFdvYuhD1t', 'iGMvOnOyrk', 'xvwvSqUol2', 'hiJvZW0goZ', 'oa8vKXRIwD', 'wAGvnOYAbO', 'QsNv2Hsj5l', 'jqovQi9GI8'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, MLZsOCVH9oEcSAMSXk.csHigh entropy of concatenated method names: 'LgPMxiL0AW', 'U15MJSnL4i', 'rNVvaJ4MXC', 'Ctkv4GGM7x', 'i3nMAEDlnh', 'iRbM7U6djy', 'XM8Mw8ZOlY', 'YZeMIh4HoV', 'EbUMu0gCOL', 'jtkM9Gvaaa'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, rsTBOyOF7WfQBcJnO8.csHigh entropy of concatenated method names: 'WGxVNL7rXJ', 'ibvVPh4U9s', 'PRjVcouqg0', 'FNdVYEe8qh', 'B8CVOfXgLu', 'iSPVS6lKoG', 'P1CVZ7S6Fx', 'rtjVKDsO94', 'aLKVnYAJRS', 'BdcV2F1fYS'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, lX8mGBzbZKqfy9eq3E.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'IflorU8eu6', 'fn7oq2pcpi', 'VORo3DJRjS', 'g6woM50kpH', 'cSAov48fLs', 'ULaoo3maaX', 'NyEob1pJE4'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, lipLHQA0HXPkqBR4Xo.csHigh entropy of concatenated method names: 'tTfM2whN7w', 'x0lMQ0MlUu', 'ToString', 'DK0MPOMj8f', 'IhQMccvJ5y', 'QLCMYakgXx', 'mpLMOEA56i', 'GmrMSvSuqi', 'fP6MZW0Qqq', 'DgvMKIN1JH'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, KZBhJ4sOaOwuQCN5j1.csHigh entropy of concatenated method names: 'Dispose', 'Guj4RaYSGi', 'N3MpHjPej3', 'Xm8BBqHEC3', 'Cd74JxqlrQ', 'kM44zxs1qD', 'ProcessDialogKey', 'NB4pa6jTy7', 'c89p4jf46R', 'UaCppnCd07'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, PAdjSefqVd3d1MbrPP.csHigh entropy of concatenated method names: 'y4rZPNbbqR', 'yqqZYSsM6F', 'NE8ZSryJ1N', 'pOpSJycumZ', 'pmiSzluaOV', 'c7NZaqrIwW', 'HYYZ4nWFjV', 'KCJZpQY07w', 'N2XZVyX9vv', 'hcEZmklQib'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, bgWR3SlvGBnIBeVV8B.csHigh entropy of concatenated method names: 'ToString', 'lhu3AlUpI6', 'MG13HUCEKJ', 'ISJ3dtTTDW', 'XEi3D71vk3', 'rNx31IDaGC', 'MHG3lvuUl9', 'wdO3ekxdD2', 'qIt3GnFxMC', 'Mbm3t3XlFJ'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, U53nLycTvhMOpauPXv.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'CvspR2adLY', 'r6KpJF3alV', 'c5npzYdEow', 'bVoVamUGym', 'Ne5V4ry4Tr', 'njpVpRE06m', 'PhCVVjCdXU', 's13t5AHlJmIc2coLvXi'
            Source: 0.2.L3pFsxNFICpBGmi.exe.7280000.5.raw.unpack, qBl9b0GxTlxFFuCRK2.csHigh entropy of concatenated method names: 'KfpSNjMeG7', 'OnaScBadpM', 'G5xSOUX7vH', 'eOUSZ8EbGD', 'AHFSK2xpUH', 'gnkOTPa7Br', 'hL6Ohhp91e', 'y7bOgNVkGW', 'sGMOxRP4GS', 'wLoORbLJ8X'
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeFile created: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeJump to dropped file

            Boot Survival

            barindex
            Uses schtasks.exe or at.exe to add and modify task schedules
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp"

            Hooking and other Techniques for Hiding and Protection

            barindex
            Loading BitLocker PowerShell Module
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AntiVM3
            Source: Yara matchFile source: Process Memory Space: L3pFsxNFICpBGmi.exe PID: 6536, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: VgPjxShbdbBH.exe PID: 3580, type: MEMORYSTR
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeMemory allocated: E70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeMemory allocated: 2860000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeMemory allocated: 2660000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeMemory allocated: 75B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeMemory allocated: 85B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeMemory allocated: 8760000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeMemory allocated: 9760000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeMemory allocated: 1680000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeMemory allocated: 3380000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeMemory allocated: 5380000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeMemory allocated: 7F40000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeMemory allocated: 78D0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeMemory allocated: 8F40000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeMemory allocated: 9F40000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0112096E rdtsc 7_2_0112096E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6249Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2119Jump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeAPI coverage: 0.6 %
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeAPI coverage: 0.3 %
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe TID: 2748Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2196Thread sleep time: -5534023222112862s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4420Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe TID: 3640Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe TID: 2968Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe TID: 6336Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0112096E rdtsc 7_2_0112096E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_00417B73 LdrLoadDll,7_2_00417B73
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118A118 mov ecx, dword ptr fs:[00000030h]7_2_0118A118
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118A118 mov eax, dword ptr fs:[00000030h]7_2_0118A118
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118A118 mov eax, dword ptr fs:[00000030h]7_2_0118A118
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118A118 mov eax, dword ptr fs:[00000030h]7_2_0118A118
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A0115 mov eax, dword ptr fs:[00000030h]7_2_011A0115
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E10E mov eax, dword ptr fs:[00000030h]7_2_0118E10E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E10E mov ecx, dword ptr fs:[00000030h]7_2_0118E10E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E10E mov eax, dword ptr fs:[00000030h]7_2_0118E10E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E10E mov eax, dword ptr fs:[00000030h]7_2_0118E10E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E10E mov ecx, dword ptr fs:[00000030h]7_2_0118E10E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E10E mov eax, dword ptr fs:[00000030h]7_2_0118E10E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E10E mov eax, dword ptr fs:[00000030h]7_2_0118E10E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E10E mov ecx, dword ptr fs:[00000030h]7_2_0118E10E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E10E mov eax, dword ptr fs:[00000030h]7_2_0118E10E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E10E mov ecx, dword ptr fs:[00000030h]7_2_0118E10E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01110124 mov eax, dword ptr fs:[00000030h]7_2_01110124
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01178158 mov eax, dword ptr fs:[00000030h]7_2_01178158
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01174144 mov eax, dword ptr fs:[00000030h]7_2_01174144
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01174144 mov eax, dword ptr fs:[00000030h]7_2_01174144
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01174144 mov ecx, dword ptr fs:[00000030h]7_2_01174144
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01174144 mov eax, dword ptr fs:[00000030h]7_2_01174144
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01174144 mov eax, dword ptr fs:[00000030h]7_2_01174144
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E6154 mov eax, dword ptr fs:[00000030h]7_2_010E6154
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E6154 mov eax, dword ptr fs:[00000030h]7_2_010E6154
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DC156 mov eax, dword ptr fs:[00000030h]7_2_010DC156
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B4164 mov eax, dword ptr fs:[00000030h]7_2_011B4164
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B4164 mov eax, dword ptr fs:[00000030h]7_2_011B4164
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116019F mov eax, dword ptr fs:[00000030h]7_2_0116019F
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116019F mov eax, dword ptr fs:[00000030h]7_2_0116019F
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116019F mov eax, dword ptr fs:[00000030h]7_2_0116019F
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116019F mov eax, dword ptr fs:[00000030h]7_2_0116019F
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0119C188 mov eax, dword ptr fs:[00000030h]7_2_0119C188
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0119C188 mov eax, dword ptr fs:[00000030h]7_2_0119C188
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01120185 mov eax, dword ptr fs:[00000030h]7_2_01120185
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01184180 mov eax, dword ptr fs:[00000030h]7_2_01184180
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01184180 mov eax, dword ptr fs:[00000030h]7_2_01184180
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DA197 mov eax, dword ptr fs:[00000030h]7_2_010DA197
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DA197 mov eax, dword ptr fs:[00000030h]7_2_010DA197
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DA197 mov eax, dword ptr fs:[00000030h]7_2_010DA197
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115E1D0 mov eax, dword ptr fs:[00000030h]7_2_0115E1D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115E1D0 mov eax, dword ptr fs:[00000030h]7_2_0115E1D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115E1D0 mov ecx, dword ptr fs:[00000030h]7_2_0115E1D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115E1D0 mov eax, dword ptr fs:[00000030h]7_2_0115E1D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115E1D0 mov eax, dword ptr fs:[00000030h]7_2_0115E1D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A61C3 mov eax, dword ptr fs:[00000030h]7_2_011A61C3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A61C3 mov eax, dword ptr fs:[00000030h]7_2_011A61C3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011101F8 mov eax, dword ptr fs:[00000030h]7_2_011101F8
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B61E5 mov eax, dword ptr fs:[00000030h]7_2_011B61E5
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01164000 mov ecx, dword ptr fs:[00000030h]7_2_01164000
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01182000 mov eax, dword ptr fs:[00000030h]7_2_01182000
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01182000 mov eax, dword ptr fs:[00000030h]7_2_01182000
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01182000 mov eax, dword ptr fs:[00000030h]7_2_01182000
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01182000 mov eax, dword ptr fs:[00000030h]7_2_01182000
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01182000 mov eax, dword ptr fs:[00000030h]7_2_01182000
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01182000 mov eax, dword ptr fs:[00000030h]7_2_01182000
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01182000 mov eax, dword ptr fs:[00000030h]7_2_01182000
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01182000 mov eax, dword ptr fs:[00000030h]7_2_01182000
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FE016 mov eax, dword ptr fs:[00000030h]7_2_010FE016
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FE016 mov eax, dword ptr fs:[00000030h]7_2_010FE016
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FE016 mov eax, dword ptr fs:[00000030h]7_2_010FE016
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FE016 mov eax, dword ptr fs:[00000030h]7_2_010FE016
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01176030 mov eax, dword ptr fs:[00000030h]7_2_01176030
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DA020 mov eax, dword ptr fs:[00000030h]7_2_010DA020
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DC020 mov eax, dword ptr fs:[00000030h]7_2_010DC020
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01166050 mov eax, dword ptr fs:[00000030h]7_2_01166050
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E2050 mov eax, dword ptr fs:[00000030h]7_2_010E2050
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110C073 mov eax, dword ptr fs:[00000030h]7_2_0110C073
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E208A mov eax, dword ptr fs:[00000030h]7_2_010E208A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A60B8 mov eax, dword ptr fs:[00000030h]7_2_011A60B8
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A60B8 mov ecx, dword ptr fs:[00000030h]7_2_011A60B8
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010D80A0 mov eax, dword ptr fs:[00000030h]7_2_010D80A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011780A8 mov eax, dword ptr fs:[00000030h]7_2_011780A8
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011620DE mov eax, dword ptr fs:[00000030h]7_2_011620DE
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011220F0 mov ecx, dword ptr fs:[00000030h]7_2_011220F0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E80E9 mov eax, dword ptr fs:[00000030h]7_2_010E80E9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DA0E3 mov ecx, dword ptr fs:[00000030h]7_2_010DA0E3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011660E0 mov eax, dword ptr fs:[00000030h]7_2_011660E0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DC0F0 mov eax, dword ptr fs:[00000030h]7_2_010DC0F0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01100310 mov ecx, dword ptr fs:[00000030h]7_2_01100310
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111A30B mov eax, dword ptr fs:[00000030h]7_2_0111A30B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111A30B mov eax, dword ptr fs:[00000030h]7_2_0111A30B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111A30B mov eax, dword ptr fs:[00000030h]7_2_0111A30B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DC310 mov ecx, dword ptr fs:[00000030h]7_2_010DC310
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B8324 mov eax, dword ptr fs:[00000030h]7_2_011B8324
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B8324 mov ecx, dword ptr fs:[00000030h]7_2_011B8324
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B8324 mov eax, dword ptr fs:[00000030h]7_2_011B8324
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B8324 mov eax, dword ptr fs:[00000030h]7_2_011B8324
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AA352 mov eax, dword ptr fs:[00000030h]7_2_011AA352
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01188350 mov ecx, dword ptr fs:[00000030h]7_2_01188350
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116035C mov eax, dword ptr fs:[00000030h]7_2_0116035C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116035C mov eax, dword ptr fs:[00000030h]7_2_0116035C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116035C mov eax, dword ptr fs:[00000030h]7_2_0116035C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116035C mov ecx, dword ptr fs:[00000030h]7_2_0116035C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116035C mov eax, dword ptr fs:[00000030h]7_2_0116035C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116035C mov eax, dword ptr fs:[00000030h]7_2_0116035C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B634F mov eax, dword ptr fs:[00000030h]7_2_011B634F
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01162349 mov eax, dword ptr fs:[00000030h]7_2_01162349
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118437C mov eax, dword ptr fs:[00000030h]7_2_0118437C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DE388 mov eax, dword ptr fs:[00000030h]7_2_010DE388
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DE388 mov eax, dword ptr fs:[00000030h]7_2_010DE388
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DE388 mov eax, dword ptr fs:[00000030h]7_2_010DE388
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010D8397 mov eax, dword ptr fs:[00000030h]7_2_010D8397
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010D8397 mov eax, dword ptr fs:[00000030h]7_2_010D8397
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010D8397 mov eax, dword ptr fs:[00000030h]7_2_010D8397
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110438F mov eax, dword ptr fs:[00000030h]7_2_0110438F
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110438F mov eax, dword ptr fs:[00000030h]7_2_0110438F
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E3DB mov eax, dword ptr fs:[00000030h]7_2_0118E3DB
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E3DB mov eax, dword ptr fs:[00000030h]7_2_0118E3DB
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E3DB mov ecx, dword ptr fs:[00000030h]7_2_0118E3DB
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118E3DB mov eax, dword ptr fs:[00000030h]7_2_0118E3DB
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011843D4 mov eax, dword ptr fs:[00000030h]7_2_011843D4
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011843D4 mov eax, dword ptr fs:[00000030h]7_2_011843D4
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA3C0 mov eax, dword ptr fs:[00000030h]7_2_010EA3C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA3C0 mov eax, dword ptr fs:[00000030h]7_2_010EA3C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA3C0 mov eax, dword ptr fs:[00000030h]7_2_010EA3C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA3C0 mov eax, dword ptr fs:[00000030h]7_2_010EA3C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA3C0 mov eax, dword ptr fs:[00000030h]7_2_010EA3C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA3C0 mov eax, dword ptr fs:[00000030h]7_2_010EA3C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E83C0 mov eax, dword ptr fs:[00000030h]7_2_010E83C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E83C0 mov eax, dword ptr fs:[00000030h]7_2_010E83C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E83C0 mov eax, dword ptr fs:[00000030h]7_2_010E83C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E83C0 mov eax, dword ptr fs:[00000030h]7_2_010E83C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0119C3CD mov eax, dword ptr fs:[00000030h]7_2_0119C3CD
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011663C0 mov eax, dword ptr fs:[00000030h]7_2_011663C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F03E9 mov eax, dword ptr fs:[00000030h]7_2_010F03E9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F03E9 mov eax, dword ptr fs:[00000030h]7_2_010F03E9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F03E9 mov eax, dword ptr fs:[00000030h]7_2_010F03E9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F03E9 mov eax, dword ptr fs:[00000030h]7_2_010F03E9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F03E9 mov eax, dword ptr fs:[00000030h]7_2_010F03E9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F03E9 mov eax, dword ptr fs:[00000030h]7_2_010F03E9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F03E9 mov eax, dword ptr fs:[00000030h]7_2_010F03E9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F03E9 mov eax, dword ptr fs:[00000030h]7_2_010F03E9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011163FF mov eax, dword ptr fs:[00000030h]7_2_011163FF
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FE3F0 mov eax, dword ptr fs:[00000030h]7_2_010FE3F0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FE3F0 mov eax, dword ptr fs:[00000030h]7_2_010FE3F0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FE3F0 mov eax, dword ptr fs:[00000030h]7_2_010FE3F0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010D823B mov eax, dword ptr fs:[00000030h]7_2_010D823B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B625D mov eax, dword ptr fs:[00000030h]7_2_011B625D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0119A250 mov eax, dword ptr fs:[00000030h]7_2_0119A250
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0119A250 mov eax, dword ptr fs:[00000030h]7_2_0119A250
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01168243 mov eax, dword ptr fs:[00000030h]7_2_01168243
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01168243 mov ecx, dword ptr fs:[00000030h]7_2_01168243
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E6259 mov eax, dword ptr fs:[00000030h]7_2_010E6259
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DA250 mov eax, dword ptr fs:[00000030h]7_2_010DA250
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010D826B mov eax, dword ptr fs:[00000030h]7_2_010D826B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190274 mov eax, dword ptr fs:[00000030h]7_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190274 mov eax, dword ptr fs:[00000030h]7_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190274 mov eax, dword ptr fs:[00000030h]7_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190274 mov eax, dword ptr fs:[00000030h]7_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190274 mov eax, dword ptr fs:[00000030h]7_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190274 mov eax, dword ptr fs:[00000030h]7_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190274 mov eax, dword ptr fs:[00000030h]7_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190274 mov eax, dword ptr fs:[00000030h]7_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190274 mov eax, dword ptr fs:[00000030h]7_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190274 mov eax, dword ptr fs:[00000030h]7_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190274 mov eax, dword ptr fs:[00000030h]7_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01190274 mov eax, dword ptr fs:[00000030h]7_2_01190274
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E4260 mov eax, dword ptr fs:[00000030h]7_2_010E4260
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E4260 mov eax, dword ptr fs:[00000030h]7_2_010E4260
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E4260 mov eax, dword ptr fs:[00000030h]7_2_010E4260
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01160283 mov eax, dword ptr fs:[00000030h]7_2_01160283
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01160283 mov eax, dword ptr fs:[00000030h]7_2_01160283
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01160283 mov eax, dword ptr fs:[00000030h]7_2_01160283
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E284 mov eax, dword ptr fs:[00000030h]7_2_0111E284
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E284 mov eax, dword ptr fs:[00000030h]7_2_0111E284
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011762A0 mov eax, dword ptr fs:[00000030h]7_2_011762A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011762A0 mov ecx, dword ptr fs:[00000030h]7_2_011762A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011762A0 mov eax, dword ptr fs:[00000030h]7_2_011762A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011762A0 mov eax, dword ptr fs:[00000030h]7_2_011762A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011762A0 mov eax, dword ptr fs:[00000030h]7_2_011762A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011762A0 mov eax, dword ptr fs:[00000030h]7_2_011762A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA2C3 mov eax, dword ptr fs:[00000030h]7_2_010EA2C3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA2C3 mov eax, dword ptr fs:[00000030h]7_2_010EA2C3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA2C3 mov eax, dword ptr fs:[00000030h]7_2_010EA2C3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA2C3 mov eax, dword ptr fs:[00000030h]7_2_010EA2C3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA2C3 mov eax, dword ptr fs:[00000030h]7_2_010EA2C3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B62D6 mov eax, dword ptr fs:[00000030h]7_2_011B62D6
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F02E1 mov eax, dword ptr fs:[00000030h]7_2_010F02E1
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F02E1 mov eax, dword ptr fs:[00000030h]7_2_010F02E1
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F02E1 mov eax, dword ptr fs:[00000030h]7_2_010F02E1
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01176500 mov eax, dword ptr fs:[00000030h]7_2_01176500
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B4500 mov eax, dword ptr fs:[00000030h]7_2_011B4500
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B4500 mov eax, dword ptr fs:[00000030h]7_2_011B4500
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B4500 mov eax, dword ptr fs:[00000030h]7_2_011B4500
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B4500 mov eax, dword ptr fs:[00000030h]7_2_011B4500
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B4500 mov eax, dword ptr fs:[00000030h]7_2_011B4500
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B4500 mov eax, dword ptr fs:[00000030h]7_2_011B4500
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B4500 mov eax, dword ptr fs:[00000030h]7_2_011B4500
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E53E mov eax, dword ptr fs:[00000030h]7_2_0110E53E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E53E mov eax, dword ptr fs:[00000030h]7_2_0110E53E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E53E mov eax, dword ptr fs:[00000030h]7_2_0110E53E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E53E mov eax, dword ptr fs:[00000030h]7_2_0110E53E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E53E mov eax, dword ptr fs:[00000030h]7_2_0110E53E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0535 mov eax, dword ptr fs:[00000030h]7_2_010F0535
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0535 mov eax, dword ptr fs:[00000030h]7_2_010F0535
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0535 mov eax, dword ptr fs:[00000030h]7_2_010F0535
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0535 mov eax, dword ptr fs:[00000030h]7_2_010F0535
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0535 mov eax, dword ptr fs:[00000030h]7_2_010F0535
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0535 mov eax, dword ptr fs:[00000030h]7_2_010F0535
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E8550 mov eax, dword ptr fs:[00000030h]7_2_010E8550
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E8550 mov eax, dword ptr fs:[00000030h]7_2_010E8550
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111656A mov eax, dword ptr fs:[00000030h]7_2_0111656A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111656A mov eax, dword ptr fs:[00000030h]7_2_0111656A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111656A mov eax, dword ptr fs:[00000030h]7_2_0111656A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E2582 mov eax, dword ptr fs:[00000030h]7_2_010E2582
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E2582 mov ecx, dword ptr fs:[00000030h]7_2_010E2582
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E59C mov eax, dword ptr fs:[00000030h]7_2_0111E59C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01114588 mov eax, dword ptr fs:[00000030h]7_2_01114588
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011045B1 mov eax, dword ptr fs:[00000030h]7_2_011045B1
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011045B1 mov eax, dword ptr fs:[00000030h]7_2_011045B1
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011605A7 mov eax, dword ptr fs:[00000030h]7_2_011605A7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011605A7 mov eax, dword ptr fs:[00000030h]7_2_011605A7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011605A7 mov eax, dword ptr fs:[00000030h]7_2_011605A7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111A5D0 mov eax, dword ptr fs:[00000030h]7_2_0111A5D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111A5D0 mov eax, dword ptr fs:[00000030h]7_2_0111A5D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E5CF mov eax, dword ptr fs:[00000030h]7_2_0111E5CF
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E5CF mov eax, dword ptr fs:[00000030h]7_2_0111E5CF
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E65D0 mov eax, dword ptr fs:[00000030h]7_2_010E65D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E25E0 mov eax, dword ptr fs:[00000030h]7_2_010E25E0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E5E7 mov eax, dword ptr fs:[00000030h]7_2_0110E5E7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E5E7 mov eax, dword ptr fs:[00000030h]7_2_0110E5E7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E5E7 mov eax, dword ptr fs:[00000030h]7_2_0110E5E7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E5E7 mov eax, dword ptr fs:[00000030h]7_2_0110E5E7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E5E7 mov eax, dword ptr fs:[00000030h]7_2_0110E5E7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E5E7 mov eax, dword ptr fs:[00000030h]7_2_0110E5E7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E5E7 mov eax, dword ptr fs:[00000030h]7_2_0110E5E7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E5E7 mov eax, dword ptr fs:[00000030h]7_2_0110E5E7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111C5ED mov eax, dword ptr fs:[00000030h]7_2_0111C5ED
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111C5ED mov eax, dword ptr fs:[00000030h]7_2_0111C5ED
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01118402 mov eax, dword ptr fs:[00000030h]7_2_01118402
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01118402 mov eax, dword ptr fs:[00000030h]7_2_01118402
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01118402 mov eax, dword ptr fs:[00000030h]7_2_01118402
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111A430 mov eax, dword ptr fs:[00000030h]7_2_0111A430
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DC427 mov eax, dword ptr fs:[00000030h]7_2_010DC427
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DE420 mov eax, dword ptr fs:[00000030h]7_2_010DE420
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DE420 mov eax, dword ptr fs:[00000030h]7_2_010DE420
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DE420 mov eax, dword ptr fs:[00000030h]7_2_010DE420
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01166420 mov eax, dword ptr fs:[00000030h]7_2_01166420
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01166420 mov eax, dword ptr fs:[00000030h]7_2_01166420
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01166420 mov eax, dword ptr fs:[00000030h]7_2_01166420
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01166420 mov eax, dword ptr fs:[00000030h]7_2_01166420
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01166420 mov eax, dword ptr fs:[00000030h]7_2_01166420
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01166420 mov eax, dword ptr fs:[00000030h]7_2_01166420
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01166420 mov eax, dword ptr fs:[00000030h]7_2_01166420
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110245A mov eax, dword ptr fs:[00000030h]7_2_0110245A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0119A456 mov eax, dword ptr fs:[00000030h]7_2_0119A456
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010D645D mov eax, dword ptr fs:[00000030h]7_2_010D645D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E443 mov eax, dword ptr fs:[00000030h]7_2_0111E443
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E443 mov eax, dword ptr fs:[00000030h]7_2_0111E443
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E443 mov eax, dword ptr fs:[00000030h]7_2_0111E443
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E443 mov eax, dword ptr fs:[00000030h]7_2_0111E443
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E443 mov eax, dword ptr fs:[00000030h]7_2_0111E443
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E443 mov eax, dword ptr fs:[00000030h]7_2_0111E443
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E443 mov eax, dword ptr fs:[00000030h]7_2_0111E443
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111E443 mov eax, dword ptr fs:[00000030h]7_2_0111E443
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110A470 mov eax, dword ptr fs:[00000030h]7_2_0110A470
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110A470 mov eax, dword ptr fs:[00000030h]7_2_0110A470
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110A470 mov eax, dword ptr fs:[00000030h]7_2_0110A470
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116C460 mov ecx, dword ptr fs:[00000030h]7_2_0116C460
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0119A49A mov eax, dword ptr fs:[00000030h]7_2_0119A49A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011144B0 mov ecx, dword ptr fs:[00000030h]7_2_011144B0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E64AB mov eax, dword ptr fs:[00000030h]7_2_010E64AB
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116A4B0 mov eax, dword ptr fs:[00000030h]7_2_0116A4B0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E04E5 mov ecx, dword ptr fs:[00000030h]7_2_010E04E5
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01110710 mov eax, dword ptr fs:[00000030h]7_2_01110710
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111C700 mov eax, dword ptr fs:[00000030h]7_2_0111C700
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E0710 mov eax, dword ptr fs:[00000030h]7_2_010E0710
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115C730 mov eax, dword ptr fs:[00000030h]7_2_0115C730
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111273C mov eax, dword ptr fs:[00000030h]7_2_0111273C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111273C mov ecx, dword ptr fs:[00000030h]7_2_0111273C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111273C mov eax, dword ptr fs:[00000030h]7_2_0111273C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111C720 mov eax, dword ptr fs:[00000030h]7_2_0111C720
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111C720 mov eax, dword ptr fs:[00000030h]7_2_0111C720
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122750 mov eax, dword ptr fs:[00000030h]7_2_01122750
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122750 mov eax, dword ptr fs:[00000030h]7_2_01122750
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01164755 mov eax, dword ptr fs:[00000030h]7_2_01164755
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116E75D mov eax, dword ptr fs:[00000030h]7_2_0116E75D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111674D mov esi, dword ptr fs:[00000030h]7_2_0111674D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111674D mov eax, dword ptr fs:[00000030h]7_2_0111674D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111674D mov eax, dword ptr fs:[00000030h]7_2_0111674D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E0750 mov eax, dword ptr fs:[00000030h]7_2_010E0750
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E8770 mov eax, dword ptr fs:[00000030h]7_2_010E8770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0770 mov eax, dword ptr fs:[00000030h]7_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0770 mov eax, dword ptr fs:[00000030h]7_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0770 mov eax, dword ptr fs:[00000030h]7_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0770 mov eax, dword ptr fs:[00000030h]7_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0770 mov eax, dword ptr fs:[00000030h]7_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0770 mov eax, dword ptr fs:[00000030h]7_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0770 mov eax, dword ptr fs:[00000030h]7_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0770 mov eax, dword ptr fs:[00000030h]7_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0770 mov eax, dword ptr fs:[00000030h]7_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0770 mov eax, dword ptr fs:[00000030h]7_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0770 mov eax, dword ptr fs:[00000030h]7_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0770 mov eax, dword ptr fs:[00000030h]7_2_010F0770
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118678E mov eax, dword ptr fs:[00000030h]7_2_0118678E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E07AF mov eax, dword ptr fs:[00000030h]7_2_010E07AF
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011947A0 mov eax, dword ptr fs:[00000030h]7_2_011947A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EC7C0 mov eax, dword ptr fs:[00000030h]7_2_010EC7C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011607C3 mov eax, dword ptr fs:[00000030h]7_2_011607C3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E47FB mov eax, dword ptr fs:[00000030h]7_2_010E47FB
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E47FB mov eax, dword ptr fs:[00000030h]7_2_010E47FB
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116E7E1 mov eax, dword ptr fs:[00000030h]7_2_0116E7E1
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011027ED mov eax, dword ptr fs:[00000030h]7_2_011027ED
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011027ED mov eax, dword ptr fs:[00000030h]7_2_011027ED
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011027ED mov eax, dword ptr fs:[00000030h]7_2_011027ED
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F260B mov eax, dword ptr fs:[00000030h]7_2_010F260B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F260B mov eax, dword ptr fs:[00000030h]7_2_010F260B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F260B mov eax, dword ptr fs:[00000030h]7_2_010F260B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F260B mov eax, dword ptr fs:[00000030h]7_2_010F260B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F260B mov eax, dword ptr fs:[00000030h]7_2_010F260B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F260B mov eax, dword ptr fs:[00000030h]7_2_010F260B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F260B mov eax, dword ptr fs:[00000030h]7_2_010F260B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01122619 mov eax, dword ptr fs:[00000030h]7_2_01122619
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115E609 mov eax, dword ptr fs:[00000030h]7_2_0115E609
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E262C mov eax, dword ptr fs:[00000030h]7_2_010E262C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FE627 mov eax, dword ptr fs:[00000030h]7_2_010FE627
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01116620 mov eax, dword ptr fs:[00000030h]7_2_01116620
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01118620 mov eax, dword ptr fs:[00000030h]7_2_01118620
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010FC640 mov eax, dword ptr fs:[00000030h]7_2_010FC640
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01112674 mov eax, dword ptr fs:[00000030h]7_2_01112674
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111A660 mov eax, dword ptr fs:[00000030h]7_2_0111A660
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111A660 mov eax, dword ptr fs:[00000030h]7_2_0111A660
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A866E mov eax, dword ptr fs:[00000030h]7_2_011A866E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A866E mov eax, dword ptr fs:[00000030h]7_2_011A866E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E4690 mov eax, dword ptr fs:[00000030h]7_2_010E4690
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E4690 mov eax, dword ptr fs:[00000030h]7_2_010E4690
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011166B0 mov eax, dword ptr fs:[00000030h]7_2_011166B0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111C6A6 mov eax, dword ptr fs:[00000030h]7_2_0111C6A6
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111A6C7 mov ebx, dword ptr fs:[00000030h]7_2_0111A6C7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111A6C7 mov eax, dword ptr fs:[00000030h]7_2_0111A6C7
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115E6F2 mov eax, dword ptr fs:[00000030h]7_2_0115E6F2
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115E6F2 mov eax, dword ptr fs:[00000030h]7_2_0115E6F2
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115E6F2 mov eax, dword ptr fs:[00000030h]7_2_0115E6F2
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115E6F2 mov eax, dword ptr fs:[00000030h]7_2_0115E6F2
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011606F1 mov eax, dword ptr fs:[00000030h]7_2_011606F1
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011606F1 mov eax, dword ptr fs:[00000030h]7_2_011606F1
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116C912 mov eax, dword ptr fs:[00000030h]7_2_0116C912
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010D8918 mov eax, dword ptr fs:[00000030h]7_2_010D8918
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010D8918 mov eax, dword ptr fs:[00000030h]7_2_010D8918
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115E908 mov eax, dword ptr fs:[00000030h]7_2_0115E908
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115E908 mov eax, dword ptr fs:[00000030h]7_2_0115E908
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116892A mov eax, dword ptr fs:[00000030h]7_2_0116892A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0117892B mov eax, dword ptr fs:[00000030h]7_2_0117892B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01160946 mov eax, dword ptr fs:[00000030h]7_2_01160946
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B4940 mov eax, dword ptr fs:[00000030h]7_2_011B4940
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01184978 mov eax, dword ptr fs:[00000030h]7_2_01184978
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01184978 mov eax, dword ptr fs:[00000030h]7_2_01184978
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116C97C mov eax, dword ptr fs:[00000030h]7_2_0116C97C
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01106962 mov eax, dword ptr fs:[00000030h]7_2_01106962
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01106962 mov eax, dword ptr fs:[00000030h]7_2_01106962
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01106962 mov eax, dword ptr fs:[00000030h]7_2_01106962
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0112096E mov eax, dword ptr fs:[00000030h]7_2_0112096E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0112096E mov edx, dword ptr fs:[00000030h]7_2_0112096E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0112096E mov eax, dword ptr fs:[00000030h]7_2_0112096E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E09AD mov eax, dword ptr fs:[00000030h]7_2_010E09AD
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E09AD mov eax, dword ptr fs:[00000030h]7_2_010E09AD
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011689B3 mov esi, dword ptr fs:[00000030h]7_2_011689B3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011689B3 mov eax, dword ptr fs:[00000030h]7_2_011689B3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011689B3 mov eax, dword ptr fs:[00000030h]7_2_011689B3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F29A0 mov eax, dword ptr fs:[00000030h]7_2_010F29A0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011149D0 mov eax, dword ptr fs:[00000030h]7_2_011149D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AA9D3 mov eax, dword ptr fs:[00000030h]7_2_011AA9D3
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011769C0 mov eax, dword ptr fs:[00000030h]7_2_011769C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA9D0 mov eax, dword ptr fs:[00000030h]7_2_010EA9D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA9D0 mov eax, dword ptr fs:[00000030h]7_2_010EA9D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA9D0 mov eax, dword ptr fs:[00000030h]7_2_010EA9D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA9D0 mov eax, dword ptr fs:[00000030h]7_2_010EA9D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA9D0 mov eax, dword ptr fs:[00000030h]7_2_010EA9D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EA9D0 mov eax, dword ptr fs:[00000030h]7_2_010EA9D0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011129F9 mov eax, dword ptr fs:[00000030h]7_2_011129F9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011129F9 mov eax, dword ptr fs:[00000030h]7_2_011129F9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116E9E0 mov eax, dword ptr fs:[00000030h]7_2_0116E9E0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116C810 mov eax, dword ptr fs:[00000030h]7_2_0116C810
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111A830 mov eax, dword ptr fs:[00000030h]7_2_0111A830
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118483A mov eax, dword ptr fs:[00000030h]7_2_0118483A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118483A mov eax, dword ptr fs:[00000030h]7_2_0118483A
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01102835 mov eax, dword ptr fs:[00000030h]7_2_01102835
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01102835 mov eax, dword ptr fs:[00000030h]7_2_01102835
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01102835 mov eax, dword ptr fs:[00000030h]7_2_01102835
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01102835 mov ecx, dword ptr fs:[00000030h]7_2_01102835
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01102835 mov eax, dword ptr fs:[00000030h]7_2_01102835
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01102835 mov eax, dword ptr fs:[00000030h]7_2_01102835
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01110854 mov eax, dword ptr fs:[00000030h]7_2_01110854
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F2840 mov ecx, dword ptr fs:[00000030h]7_2_010F2840
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E4859 mov eax, dword ptr fs:[00000030h]7_2_010E4859
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E4859 mov eax, dword ptr fs:[00000030h]7_2_010E4859
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116E872 mov eax, dword ptr fs:[00000030h]7_2_0116E872
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116E872 mov eax, dword ptr fs:[00000030h]7_2_0116E872
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01176870 mov eax, dword ptr fs:[00000030h]7_2_01176870
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01176870 mov eax, dword ptr fs:[00000030h]7_2_01176870
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E0887 mov eax, dword ptr fs:[00000030h]7_2_010E0887
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116C89D mov eax, dword ptr fs:[00000030h]7_2_0116C89D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110E8C0 mov eax, dword ptr fs:[00000030h]7_2_0110E8C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B08C0 mov eax, dword ptr fs:[00000030h]7_2_011B08C0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111C8F9 mov eax, dword ptr fs:[00000030h]7_2_0111C8F9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111C8F9 mov eax, dword ptr fs:[00000030h]7_2_0111C8F9
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AA8E4 mov eax, dword ptr fs:[00000030h]7_2_011AA8E4
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115EB1D mov eax, dword ptr fs:[00000030h]7_2_0115EB1D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115EB1D mov eax, dword ptr fs:[00000030h]7_2_0115EB1D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115EB1D mov eax, dword ptr fs:[00000030h]7_2_0115EB1D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115EB1D mov eax, dword ptr fs:[00000030h]7_2_0115EB1D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115EB1D mov eax, dword ptr fs:[00000030h]7_2_0115EB1D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115EB1D mov eax, dword ptr fs:[00000030h]7_2_0115EB1D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115EB1D mov eax, dword ptr fs:[00000030h]7_2_0115EB1D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115EB1D mov eax, dword ptr fs:[00000030h]7_2_0115EB1D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115EB1D mov eax, dword ptr fs:[00000030h]7_2_0115EB1D
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B4B00 mov eax, dword ptr fs:[00000030h]7_2_011B4B00
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110EB20 mov eax, dword ptr fs:[00000030h]7_2_0110EB20
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110EB20 mov eax, dword ptr fs:[00000030h]7_2_0110EB20
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A8B28 mov eax, dword ptr fs:[00000030h]7_2_011A8B28
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011A8B28 mov eax, dword ptr fs:[00000030h]7_2_011A8B28
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118EB50 mov eax, dword ptr fs:[00000030h]7_2_0118EB50
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B2B57 mov eax, dword ptr fs:[00000030h]7_2_011B2B57
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B2B57 mov eax, dword ptr fs:[00000030h]7_2_011B2B57
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B2B57 mov eax, dword ptr fs:[00000030h]7_2_011B2B57
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B2B57 mov eax, dword ptr fs:[00000030h]7_2_011B2B57
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01194B4B mov eax, dword ptr fs:[00000030h]7_2_01194B4B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01194B4B mov eax, dword ptr fs:[00000030h]7_2_01194B4B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01176B40 mov eax, dword ptr fs:[00000030h]7_2_01176B40
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01176B40 mov eax, dword ptr fs:[00000030h]7_2_01176B40
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011AAB40 mov eax, dword ptr fs:[00000030h]7_2_011AAB40
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01188B42 mov eax, dword ptr fs:[00000030h]7_2_01188B42
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010D8B50 mov eax, dword ptr fs:[00000030h]7_2_010D8B50
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010DCB7E mov eax, dword ptr fs:[00000030h]7_2_010DCB7E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01194BB0 mov eax, dword ptr fs:[00000030h]7_2_01194BB0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01194BB0 mov eax, dword ptr fs:[00000030h]7_2_01194BB0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0BBE mov eax, dword ptr fs:[00000030h]7_2_010F0BBE
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0BBE mov eax, dword ptr fs:[00000030h]7_2_010F0BBE
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E0BCD mov eax, dword ptr fs:[00000030h]7_2_010E0BCD
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E0BCD mov eax, dword ptr fs:[00000030h]7_2_010E0BCD
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E0BCD mov eax, dword ptr fs:[00000030h]7_2_010E0BCD
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118EBD0 mov eax, dword ptr fs:[00000030h]7_2_0118EBD0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01100BCB mov eax, dword ptr fs:[00000030h]7_2_01100BCB
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01100BCB mov eax, dword ptr fs:[00000030h]7_2_01100BCB
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01100BCB mov eax, dword ptr fs:[00000030h]7_2_01100BCB
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116CBF0 mov eax, dword ptr fs:[00000030h]7_2_0116CBF0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110EBFC mov eax, dword ptr fs:[00000030h]7_2_0110EBFC
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E8BF0 mov eax, dword ptr fs:[00000030h]7_2_010E8BF0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E8BF0 mov eax, dword ptr fs:[00000030h]7_2_010E8BF0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E8BF0 mov eax, dword ptr fs:[00000030h]7_2_010E8BF0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0116CA11 mov eax, dword ptr fs:[00000030h]7_2_0116CA11
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01104A35 mov eax, dword ptr fs:[00000030h]7_2_01104A35
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01104A35 mov eax, dword ptr fs:[00000030h]7_2_01104A35
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111CA38 mov eax, dword ptr fs:[00000030h]7_2_0111CA38
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111CA24 mov eax, dword ptr fs:[00000030h]7_2_0111CA24
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0110EA2E mov eax, dword ptr fs:[00000030h]7_2_0110EA2E
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0A5B mov eax, dword ptr fs:[00000030h]7_2_010F0A5B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010F0A5B mov eax, dword ptr fs:[00000030h]7_2_010F0A5B
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E6A50 mov eax, dword ptr fs:[00000030h]7_2_010E6A50
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E6A50 mov eax, dword ptr fs:[00000030h]7_2_010E6A50
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E6A50 mov eax, dword ptr fs:[00000030h]7_2_010E6A50
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E6A50 mov eax, dword ptr fs:[00000030h]7_2_010E6A50
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E6A50 mov eax, dword ptr fs:[00000030h]7_2_010E6A50
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E6A50 mov eax, dword ptr fs:[00000030h]7_2_010E6A50
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E6A50 mov eax, dword ptr fs:[00000030h]7_2_010E6A50
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115CA72 mov eax, dword ptr fs:[00000030h]7_2_0115CA72
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0115CA72 mov eax, dword ptr fs:[00000030h]7_2_0115CA72
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0118EA60 mov eax, dword ptr fs:[00000030h]7_2_0118EA60
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111CA6F mov eax, dword ptr fs:[00000030h]7_2_0111CA6F
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111CA6F mov eax, dword ptr fs:[00000030h]7_2_0111CA6F
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_0111CA6F mov eax, dword ptr fs:[00000030h]7_2_0111CA6F
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_01118A90 mov edx, dword ptr fs:[00000030h]7_2_01118A90
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EEA80 mov eax, dword ptr fs:[00000030h]7_2_010EEA80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EEA80 mov eax, dword ptr fs:[00000030h]7_2_010EEA80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EEA80 mov eax, dword ptr fs:[00000030h]7_2_010EEA80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EEA80 mov eax, dword ptr fs:[00000030h]7_2_010EEA80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EEA80 mov eax, dword ptr fs:[00000030h]7_2_010EEA80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EEA80 mov eax, dword ptr fs:[00000030h]7_2_010EEA80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EEA80 mov eax, dword ptr fs:[00000030h]7_2_010EEA80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EEA80 mov eax, dword ptr fs:[00000030h]7_2_010EEA80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010EEA80 mov eax, dword ptr fs:[00000030h]7_2_010EEA80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_011B4A80 mov eax, dword ptr fs:[00000030h]7_2_011B4A80
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E8AA0 mov eax, dword ptr fs:[00000030h]7_2_010E8AA0
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeCode function: 7_2_010E8AA0 mov eax, dword ptr fs:[00000030h]7_2_010E8AA0
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Adds a directory exclusion to Windows Defender
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"Jump to behavior
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeMemory written: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeMemory written: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"Jump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp"Jump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeProcess created: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe "C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp5CCE.tmp"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess created: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeProcess created: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"Jump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeQueries volume information: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeQueries volume information: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\L3pFsxNFICpBGmi.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 7.2.L3pFsxNFICpBGmi.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 7.2.L3pFsxNFICpBGmi.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2368458197.0000000000BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            barindex
            Yara detected FormBook
            Source: Yara matchFile source: 7.2.L3pFsxNFICpBGmi.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 7.2.L3pFsxNFICpBGmi.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2368458197.0000000000BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
            Scheduled Task/Job            		1
            Scheduled Task/Job            		111
            Process Injection            		1
            Masquerading            		OS Credential Dumping12
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/Job1
            DLL Side-Loading            		1
            Scheduled Task/Job            		11
            Disable or Modify Tools            		LSASS Memory1
            Process Discovery            		Remote Desktop ProtocolData from Removable Media1
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading            		41
            Virtualization/Sandbox Evasion            		Security Account Manager41
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared Drive1
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
            Process Injection            		NTDS1
            Application Window Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information            		LSA Secrets1
            File and Directory Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts4
            Obfuscated Files or Information            		Cached Domain Credentials12
            System Information Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
            Software Packing            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1482902 Sample: L3pFsxNFICpBGmi.exe Startdate: 26/07/2024 Architecture: WINDOWS Score: 100 43 15.164.165.52.in-addr.arpa 2->43 45 Malicious sample detected (through community Yara rule) 2->45 47 Sigma detected: Scheduled temp file as task from temp location 2->47 49 Multi AV Scanner detection for submitted file 2->49 51 6 other signatures 2->51 8 L3pFsxNFICpBGmi.exe 7 2->8         started        12 VgPjxShbdbBH.exe 5 2->12         started        signatures3 process4 file5 35 C:\Users\user\AppData\...\VgPjxShbdbBH.exe, PE32 8->35 dropped 37 C:\Users\...\VgPjxShbdbBH.exe:Zone.Identifier, ASCII 8->37 dropped 39 C:\Users\user\AppData\Local\...\tmp4C43.tmp, XML 8->39 dropped 41 C:\Users\user\...\L3pFsxNFICpBGmi.exe.log, ASCII 8->41 dropped 53 Uses schtasks.exe or at.exe to add and modify task schedules 8->53 55 Adds a directory exclusion to Windows Defender 8->55 57 Injects a PE file into a foreign processes 8->57 14 powershell.exe 23 8->14         started        17 schtasks.exe 1 8->17         started        19 L3pFsxNFICpBGmi.exe 8->19         started        59 Multi AV Scanner detection for dropped file 12->59 61 Machine Learning detection for dropped file 12->61 21 schtasks.exe 1 12->21         started        23 VgPjxShbdbBH.exe 12->23         started        25 VgPjxShbdbBH.exe 12->25         started        signatures6 process7 signatures8 63 Loading BitLocker PowerShell Module 14->63 27 WmiPrvSE.exe 14->27         started        29 conhost.exe 14->29         started        31 conhost.exe 17->31         started        33 conhost.exe 21->33         started        process9

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            L3pFsxNFICpBGmi.exe35%VirustotalBrowse
            L3pFsxNFICpBGmi.exe83%ReversingLabsByteCode-MSIL.Spyware.Negasteal
            L3pFsxNFICpBGmi.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe100%Joe Sandbox ML
            C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe79%ReversingLabsByteCode-MSIL.Spyware.Negasteal

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            15.164.165.52.in-addr.arpa
            		unknown
            		unknowntrue
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameL3pFsxNFICpBGmi.exe, 00000000.00000002.2160601217.0000000002861000.00000004.00000800.00020000.00000000.sdmp, VgPjxShbdbBH.exe, 00000009.00000002.2307859481.00000000033C4000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown

              World Map of Contacted IPs

              No contacted IP infos

              General Information

              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1482902
              Start date and time:2024-07-26 10:53:58 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 8m 44s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:16
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:L3pFsxNFICpBGmi.exe
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@18/11@1/0
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 253
              • Number of non-executed functions: 273
              Cookbook Comments:
              • Found application associated with file extension: .exe

              Warnings

              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
              • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report creation exceeded maximum time and may have missing disassembly code information.
              • Report size exceeded maximum capacity and may have missing behavior information.
              • Report size exceeded maximum capacity and may have missing disassembly code.
              • Report size getting too big, too many NtCreateKey calls found.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.

              Simulations

              Behavior and APIs

              TimeTypeDescription
              04:54:51API Interceptor4x Sleep call for process: L3pFsxNFICpBGmi.exe modified
              04:54:53API Interceptor16x Sleep call for process: powershell.exe modified
              04:54:56API Interceptor4x Sleep call for process: VgPjxShbdbBH.exe modified
              10:54:55Task SchedulerRun new task: VgPjxShbdbBH path: C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              No context

              ASNs

              No context

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\L3pFsxNFICpBGmi.exe.log

              Download File
              Process:C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1216
              Entropy (8bit):5.34331486778365
              Encrypted:false
              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
              MD5:1330C80CAAC9A0FB172F202485E9B1E8
              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
              Malicious:true
              Reputation:high, very likely benign file
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VgPjxShbdbBH.exe.log

              Download File
              Process:C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1216
              Entropy (8bit):5.34331486778365
              Encrypted:false
              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
              MD5:1330C80CAAC9A0FB172F202485E9B1E8
              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
              Malicious:false
              Reputation:high, very likely benign file
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

              Download File
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:data
              Category:dropped
              Size (bytes):2232
              Entropy (8bit):5.380747059108785
              Encrypted:false
              SSDEEP:48:lylWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMugeC/ZPUyus:lGLHxvIIwLgZ2KRHWLOug8s
              MD5:4D3B8C97355CF67072ABECB12613F72B
              SHA1:07B27BA4FE575BBF9F893F03789AD9B8BC2F8615
              SHA-256:75FC38CDE708951C1963BB89E8AA6CC82F15F1A261BEACAF1BFD9CF0518BEECD
              SHA-512:8E47C93144772042865B784300F4528E079615F502A3C5DC6BFDE069880268706B7B3BEE227AD5D9EA0E6A3055EDBC90B39B9E55FE3AD58635493253A210C996
              Malicious:false
              Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3pad0gkz.1q4.ps1

              Download File
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):60
              Entropy (8bit):4.038920595031593
              Encrypted:false
              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
              MD5:D17FE0A3F47BE24A6453E9EF58C94641
              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious:false
              Preview:# PowerShell test file to determine AppLocker lockdown mode

              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_504tzhih.vd4.psm1

              Download File
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):60
              Entropy (8bit):4.038920595031593
              Encrypted:false
              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
              MD5:D17FE0A3F47BE24A6453E9EF58C94641
              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious:false
              Preview:# PowerShell test file to determine AppLocker lockdown mode

              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dd3gdga5.5id.ps1

              Download File
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):60
              Entropy (8bit):4.038920595031593
              Encrypted:false
              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
              MD5:D17FE0A3F47BE24A6453E9EF58C94641
              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious:false
              Preview:# PowerShell test file to determine AppLocker lockdown mode

              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uxs0w3zc.zmi.psm1

              Download File
              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):60
              Entropy (8bit):4.038920595031593
              Encrypted:false
              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
              MD5:D17FE0A3F47BE24A6453E9EF58C94641
              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
              Malicious:false
              Preview:# PowerShell test file to determine AppLocker lockdown mode

              C:\Users\user\AppData\Local\Temp\tmp4C43.tmp

              Download File
              Process:C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe
              File Type:XML 1.0 document, ASCII text
              Category:dropped
              Size (bytes):1599
              Entropy (8bit):5.104753356891658
              Encrypted:false
              SSDEEP:24:2di4+S2qhHb1eHky1mIHdUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtLt+xvn:cge7QYrFdOFzOzN33ODOiDdKrsuTByv
              MD5:310C84608CF6EC27E87905B554ABFFEA
              SHA1:D9C5DC94B960C913FD03F51EC5691833A06128C9
              SHA-256:7FCABC91E6B2770FBAADDF85BC73E87FDD3915E2411559BD3BC9ED5F937481EC
              SHA-512:D56ED168F2D0A198A340637CBFB51B01C455C6AEEA145022BC7E911118BD6B7175C607430E5FBFBD9FAE6522894300B5C1FEB4740D74BAFBFAA58E9EDE3BAF1D
              Malicious:true
              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <Run

              C:\Users\user\AppData\Local\Temp\tmp5CCE.tmp

              Download File
              Process:C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe
              File Type:XML 1.0 document, ASCII text
              Category:dropped
              Size (bytes):1599
              Entropy (8bit):5.104753356891658
              Encrypted:false
              SSDEEP:24:2di4+S2qhHb1eHky1mIHdUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtLt+xvn:cge7QYrFdOFzOzN33ODOiDdKrsuTByv
              MD5:310C84608CF6EC27E87905B554ABFFEA
              SHA1:D9C5DC94B960C913FD03F51EC5691833A06128C9
              SHA-256:7FCABC91E6B2770FBAADDF85BC73E87FDD3915E2411559BD3BC9ED5F937481EC
              SHA-512:D56ED168F2D0A198A340637CBFB51B01C455C6AEEA145022BC7E911118BD6B7175C607430E5FBFBD9FAE6522894300B5C1FEB4740D74BAFBFAA58E9EDE3BAF1D
              Malicious:false
              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <Run

              C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe

              Download File
              Process:C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe
              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Category:dropped
              Size (bytes):724480
              Entropy (8bit):7.920454240803197
              Encrypted:false
              SSDEEP:12288:wDfbIokj2nRQVMt9XbKBB/CiPsz88npHeAwY+Sn5l0cWNcFhenTTbllk:wQoLnJK1szbnpLwY+STmNEOTk
              MD5:24BB9C65918D0110CD3175A206EC1A4F
              SHA1:851184F625D91154BF84A37F6FCE380AB96E1770
              SHA-256:2CE56B77AFF14FBA64510A678E42154864D96F445F8FCB28A398FECB18B2D6D4
              SHA-512:400AC23B515AE4CB65CE2809C08CDDA45627BE918579E7A8A910EDBDE54A3E9CA6C061EF4CBCD713DDA6453589B9019AA03C97FDB73BD65EE8833B6E51014E30
              Malicious:true
              Antivirus:
              • Antivirus: Joe Sandbox ML, Detection: 100%
              • Antivirus: ReversingLabs, Detection: 79%
              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0..............#... ...@....@.. ....................................@.................................."..O....@.......................`..........T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................."......H...........<............@.............................................&.( .....*...0..9........~.........,".r...p.....(!...o"...s#...........~.....+..*....0...........~.....+..*".......*.0..!........(....r;..p~....o$.....t.....+..*".(%....*F.(%.......(.....*..{....*"..}....*F.(%.......(.....*..{....*"..}....*&.(%.....*F.(%.......(.....*..{....*"..}....*....(......*f.(%.......(.......(.....*..{....*"..}....*..{....*"..}....**..(......*F.(%.......(.....*..{....*"..}....*F.(%.

              C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe:Zone.Identifier

              Download File
              Process:C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:3:ggPYV:rPYV
              MD5:187F488E27DB4AF347237FE461A079AD
              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
              Malicious:true
              Preview:[ZoneTransfer]....ZoneId=0

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.920454240803197
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              • Win32 Executable (generic) a (10002005/4) 49.78%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Generic Win/DOS Executable (2004/3) 0.01%
              • DOS Executable Generic (2002/1) 0.01%
              File name:L3pFsxNFICpBGmi.exe
              File size:724'480 bytes
              MD5:24bb9c65918d0110cd3175a206ec1a4f
              SHA1:851184f625d91154bf84a37f6fce380ab96e1770
              SHA256:2ce56b77aff14fba64510a678e42154864d96f445f8fcb28a398fecb18b2d6d4
              SHA512:400ac23b515ae4cb65ce2809c08cdda45627be918579e7a8a910edbde54a3e9ca6c061ef4cbcd713dda6453589b9019aa03c97fdb73bd65ee8833b6e51014e30
              SSDEEP:12288:wDfbIokj2nRQVMt9XbKBB/CiPsz88npHeAwY+Sn5l0cWNcFhenTTbllk:wQoLnJK1szbnpLwY+STmNEOTk
              TLSH:DBF412382628933BD53DCBF994B5234003FAB221B522F7295EF0A0DD1967765C9A731B
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0..............#... ...@....@.. ....................................@................................

              File Icon

              Icon Hash:00928e8e8686b000

              Static PE Info

              General

              Entrypoint:0x4b2302
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0x66A1FD01 [Thu Jul 25 07:21:37 2024 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

              Entrypoint Preview

              Instruction
              jmp dword ptr [00402000h]
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al
              add byte ptr [eax], al

              Data Directories

              NameVirtual AddressVirtual Size Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IMPORT0xb22af0x4f.text
              IMAGE_DIRECTORY_ENTRY_RESOURCE0xb40000x5e4.rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
              IMAGE_DIRECTORY_ENTRY_BASERELOC0xb60000xc.reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG0xaecb00x54.text
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

              Sections

              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
              .text0x20000xb03080xb04008d3b6310b0d06b96dbeacfb05294df23False0.9347462322695036data7.92691719537184IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc0xb40000x5e40x60065e7964f4059e07ec8f0e1b4e2e87dfaFalse0.4446614583333333data4.2024879021019546IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc0xb60000xc0x200de6060026879f00b707708f57349cdc6False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

              Resources

              NameRVASizeTypeLanguageCountryZLIB Complexity
              RT_VERSION0xb40900x354data0.44835680751173707
              RT_MANIFEST0xb43f40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

              Imports

              DLLImport
              mscoree.dll_CorExeMain

              Network Behavior

              Suricata IDS Alerts

              TimestampProtocolSIDSignatureSource PortDest PortSource IPDest IP
              2024-07-26T10:55:31.051870+0200TCP2022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow4435920920.12.23.50192.168.2.6
              2024-07-26T10:55:30.042277+0200TCP2022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow4435920820.12.23.50192.168.2.6
              2024-07-26T10:55:10.961195+0200TCP2022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow4434971752.165.165.26192.168.2.6

              Network Port Distribution

              UDP Packets

              TimestampSource PortDest PortSource IPDest IP
              Jul 26, 2024 10:55:25.631633997 CEST5354773162.159.36.2192.168.2.6
              Jul 26, 2024 10:55:26.125245094 CEST5023453192.168.2.61.1.1.1
              Jul 26, 2024 10:55:26.133162975 CEST53502341.1.1.1192.168.2.6

              DNS Queries

              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
              Jul 26, 2024 10:55:26.125245094 CEST192.168.2.61.1.1.10xa22cStandard query (0)15.164.165.52.in-addr.arpaPTR (Pointer record)IN (0x0001)false

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
              Jul 26, 2024 10:55:26.133162975 CEST1.1.1.1192.168.2.60xa22cName error (3)15.164.165.52.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              High Level Behavior Distribution

              Click to dive into process behavior distribution

              Behavior

              Click to jump to process

              System Behavior

              General

              Target ID:0
              Start time:04:54:50
              Start date:26/07/2024
              Path:C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe"
              Imagebase:0x450000
              File size:724'480 bytes
              MD5 hash:24BB9C65918D0110CD3175A206EC1A4F
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              General

              Target ID:3
              Start time:04:54:52
              Start date:26/07/2024
              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"
              Imagebase:0xd10000
              File size:433'152 bytes
              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:4
              Start time:04:54:52
              Start date:26/07/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff66e660000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:5
              Start time:04:54:52
              Start date:26/07/2024
              Path:C:\Windows\SysWOW64\schtasks.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp4C43.tmp"
              Imagebase:0xf40000
              File size:187'904 bytes
              MD5 hash:48C2FE20575769DE916F48EF0676A965
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:6
              Start time:04:54:52
              Start date:26/07/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff66e660000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:7
              Start time:04:54:53
              Start date:26/07/2024
              Path:C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\L3pFsxNFICpBGmi.exe"
              Imagebase:0x5c0000
              File size:724'480 bytes
              MD5 hash:24BB9C65918D0110CD3175A206EC1A4F
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2368458197.0000000000BE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.2368458197.0000000000BE0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
              Reputation:low
              Has exited:true

              General

              Target ID:8
              Start time:04:54:54
              Start date:26/07/2024
              Path:C:\Windows\System32\wbem\WmiPrvSE.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
              Imagebase:0x7ff717f30000
              File size:496'640 bytes
              MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
              Has elevated privileges:true
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:9
              Start time:04:54:55
              Start date:26/07/2024
              Path:C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe
              Imagebase:0xff0000
              File size:724'480 bytes
              MD5 hash:24BB9C65918D0110CD3175A206EC1A4F
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Antivirus matches:
              • Detection: 100%, Joe Sandbox ML
              • Detection: 79%, ReversingLabs
              Reputation:low
              Has exited:true

              General

              Target ID:10
              Start time:04:54:57
              Start date:26/07/2024
              Path:C:\Windows\SysWOW64\schtasks.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VgPjxShbdbBH" /XML "C:\Users\user\AppData\Local\Temp\tmp5CCE.tmp"
              Imagebase:0xf40000
              File size:187'904 bytes
              MD5 hash:48C2FE20575769DE916F48EF0676A965
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:11
              Start time:04:54:57
              Start date:26/07/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff66e660000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

              General

              Target ID:12
              Start time:04:54:57
              Start date:26/07/2024
              Path:C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe
              Wow64 process (32bit):false
              Commandline:"C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"
              Imagebase:0x230000
              File size:724'480 bytes
              MD5 hash:24BB9C65918D0110CD3175A206EC1A4F
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              General

              Target ID:13
              Start time:04:54:57
              Start date:26/07/2024
              Path:C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\AppData\Roaming\VgPjxShbdbBH.exe"
              Imagebase:0x840000
              File size:724'480 bytes
              MD5 hash:24BB9C65918D0110CD3175A206EC1A4F
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Disassembly

              Reset < >

                Execution Graph

                Execution Coverage:12.2%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:0%
                Total number of Nodes:206
                Total number of Limit Nodes:9
                execution_graph 41059 2724960 41060 2724972 41059->41060 41061 272497e 41060->41061 41063 2724a70 41060->41063 41064 2724a95 41063->41064 41068 2724b80 41064->41068 41072 2724b71 41064->41072 41070 2724ba7 41068->41070 41069 2724c84 41069->41069 41070->41069 41077 2724888 41070->41077 41073 2724a9f 41072->41073 41074 2724b7f 41072->41074 41073->41061 41075 2724c84 41074->41075 41076 2724888 CreateActCtxA 41074->41076 41075->41075 41076->41075 41078 2726010 CreateActCtxA 41077->41078 41080 27260d3 41078->41080 41081 74651d0 41082 746535b 41081->41082 41084 74651f6 41081->41084 41084->41082 41085 7464dc8 41084->41085 41086 7465450 PostMessageW 41085->41086 41087 74654bc 41086->41087 41087->41084 41088 74615e9 41089 7461605 41088->41089 41090 74616ec 41088->41090 41094 7463cce 41089->41094 41118 7463c68 41089->41118 41141 7463c58 41089->41141 41095 7463c5c 41094->41095 41097 7463cd1 41094->41097 41164 74648e6 41095->41164 41170 7464038 41095->41170 41178 746465b 41095->41178 41183 74641fc 41095->41183 41188 746487c 41095->41188 41193 746439f 41095->41193 41198 7464117 41095->41198 41203 7464256 41095->41203 41208 7464896 41095->41208 41216 74643f6 41095->41216 41220 74640a8 41095->41220 41225 74642c8 41095->41225 41229 746426b 41095->41229 41234 746476c 41095->41234 41239 746466e 41095->41239 41243 74646a1 41095->41243 41252 7464622 41095->41252 41256 7464342 41095->41256 41261 7464587 41095->41261 41266 7464606 41095->41266 41096 7463c8a 41096->41090 41097->41090 41119 7463c82 41118->41119 41121 74648e6 2 API calls 41119->41121 41122 7464606 2 API calls 41119->41122 41123 7464587 2 API calls 41119->41123 41124 7464342 2 API calls 41119->41124 41125 7464622 2 API calls 41119->41125 41126 74646a1 2 API calls 41119->41126 41127 746466e 2 API calls 41119->41127 41128 746476c 2 API calls 41119->41128 41129 746426b 2 API calls 41119->41129 41130 74642c8 2 API calls 41119->41130 41131 74640a8 2 API calls 41119->41131 41132 74643f6 2 API calls 41119->41132 41133 7464896 2 API calls 41119->41133 41134 7464256 2 API calls 41119->41134 41135 7464117 2 API calls 41119->41135 41136 746439f 2 API calls 41119->41136 41137 746487c 2 API calls 41119->41137 41138 74641fc 2 API calls 41119->41138 41139 746465b 2 API calls 41119->41139 41140 7464038 4 API calls 41119->41140 41120 7463c8a 41120->41090 41121->41120 41122->41120 41123->41120 41124->41120 41125->41120 41126->41120 41127->41120 41128->41120 41129->41120 41130->41120 41131->41120 41132->41120 41133->41120 41134->41120 41135->41120 41136->41120 41137->41120 41138->41120 41139->41120 41140->41120 41142 7463c5c 41141->41142 41144 74648e6 2 API calls 41142->41144 41145 7464606 2 API calls 41142->41145 41146 7464587 2 API calls 41142->41146 41147 7464342 2 API calls 41142->41147 41148 7464622 2 API calls 41142->41148 41149 74646a1 2 API calls 41142->41149 41150 746466e 2 API calls 41142->41150 41151 746476c 2 API calls 41142->41151 41152 746426b 2 API calls 41142->41152 41153 74642c8 2 API calls 41142->41153 41154 74640a8 2 API calls 41142->41154 41155 74643f6 2 API calls 41142->41155 41156 7464896 2 API calls 41142->41156 41157 7464256 2 API calls 41142->41157 41158 7464117 2 API calls 41142->41158 41159 746439f 2 API calls 41142->41159 41160 746487c 2 API calls 41142->41160 41161 74641fc 2 API calls 41142->41161 41162 746465b 2 API calls 41142->41162 41163 7464038 4 API calls 41142->41163 41143 7463c8a 41143->41090 41144->41143 41145->41143 41146->41143 41147->41143 41148->41143 41149->41143 41150->41143 41151->41143 41152->41143 41153->41143 41154->41143 41155->41143 41156->41143 41157->41143 41158->41143 41159->41143 41160->41143 41161->41143 41162->41143 41163->41143 41165 7464787 41164->41165 41166 74648f3 41164->41166 41271 7460ca0 41165->41271 41275 7460c98 41165->41275 41167 746479c 41171 7464055 41170->41171 41279 7461164 41171->41279 41283 7461170 41171->41283 41172 7464a9d 41172->41096 41173 7464089 41176 7460d50 Wow64SetThreadContext 41173->41176 41177 7460d48 Wow64SetThreadContext 41173->41177 41176->41172 41177->41172 41179 746421d 41178->41179 41181 7460ca0 ResumeThread 41179->41181 41182 7460c98 ResumeThread 41179->41182 41180 746479c 41181->41180 41182->41180 41184 746421d 41183->41184 41186 7460ca0 ResumeThread 41184->41186 41187 7460c98 ResumeThread 41184->41187 41185 746479c 41186->41185 41187->41185 41189 7464889 41188->41189 41287 7460ee0 41189->41287 41291 7460ee8 41189->41291 41190 7464994 41194 746437e 41193->41194 41195 7464a5b 41194->41195 41295 7460fd5 41194->41295 41299 7460fd8 41194->41299 41195->41096 41199 74640b4 41198->41199 41303 7460d50 41199->41303 41307 7460d48 41199->41307 41200 7464a9d 41200->41096 41205 74640b4 41203->41205 41204 7464a9d 41204->41096 41206 7460d50 Wow64SetThreadContext 41205->41206 41207 7460d48 Wow64SetThreadContext 41205->41207 41206->41204 41207->41204 41209 746489c 41208->41209 41210 74647e5 41209->41210 41214 7460fd5 ReadProcessMemory 41209->41214 41215 7460fd8 ReadProcessMemory 41209->41215 41211 7464a5b 41210->41211 41212 7460fd5 ReadProcessMemory 41210->41212 41213 7460fd8 ReadProcessMemory 41210->41213 41211->41096 41212->41210 41213->41210 41214->41210 41215->41210 41218 7460ee0 WriteProcessMemory 41216->41218 41219 7460ee8 WriteProcessMemory 41216->41219 41217 7464424 41217->41096 41218->41217 41219->41217 41221 74640b4 41220->41221 41223 7460d50 Wow64SetThreadContext 41221->41223 41224 7460d48 Wow64SetThreadContext 41221->41224 41222 7464a9d 41222->41096 41223->41222 41224->41222 41227 7460ee0 WriteProcessMemory 41225->41227 41228 7460ee8 WriteProcessMemory 41225->41228 41226 74642ec 41227->41226 41228->41226 41230 74640b4 41229->41230 41232 7460d50 Wow64SetThreadContext 41230->41232 41233 7460d48 Wow64SetThreadContext 41230->41233 41231 7464a9d 41231->41096 41232->41231 41233->41231 41235 7464787 41234->41235 41237 7460ca0 ResumeThread 41235->41237 41238 7460c98 ResumeThread 41235->41238 41236 746479c 41237->41236 41238->41236 41311 7460e21 41239->41311 41315 7460e28 41239->41315 41240 746468c 41244 7464621 41243->41244 41247 74640b4 41243->41247 41250 7460d50 Wow64SetThreadContext 41244->41250 41251 7460d48 Wow64SetThreadContext 41244->41251 41245 746463c 41246 7464a9d 41246->41096 41248 7460d50 Wow64SetThreadContext 41247->41248 41249 7460d48 Wow64SetThreadContext 41247->41249 41248->41246 41249->41246 41250->41245 41251->41245 41254 7460d50 Wow64SetThreadContext 41252->41254 41255 7460d48 Wow64SetThreadContext 41252->41255 41253 746463c 41254->41253 41255->41253 41257 7464348 41256->41257 41258 7464a5b 41257->41258 41259 7460fd5 ReadProcessMemory 41257->41259 41260 7460fd8 ReadProcessMemory 41257->41260 41258->41096 41259->41257 41260->41257 41262 74640b4 41261->41262 41264 7460d50 Wow64SetThreadContext 41262->41264 41265 7460d48 Wow64SetThreadContext 41262->41265 41263 7464a9d 41263->41096 41264->41263 41265->41263 41267 74640b4 41266->41267 41269 7460d50 Wow64SetThreadContext 41267->41269 41270 7460d48 Wow64SetThreadContext 41267->41270 41268 7464a9d 41268->41096 41269->41268 41270->41268 41272 7460ce0 ResumeThread 41271->41272 41274 7460d11 41272->41274 41274->41167 41276 7460ca0 ResumeThread 41275->41276 41278 7460d11 41276->41278 41278->41167 41280 7461170 CreateProcessA 41279->41280 41282 74613bb 41280->41282 41284 74611f9 CreateProcessA 41283->41284 41286 74613bb 41284->41286 41288 7460ee5 WriteProcessMemory 41287->41288 41290 7460f87 41288->41290 41290->41190 41292 7460f30 WriteProcessMemory 41291->41292 41294 7460f87 41292->41294 41294->41190 41296 7460fdc ReadProcessMemory 41295->41296 41298 7461067 41296->41298 41298->41194 41300 7461023 ReadProcessMemory 41299->41300 41302 7461067 41300->41302 41302->41194 41304 7460d95 Wow64SetThreadContext 41303->41304 41306 7460ddd 41304->41306 41306->41200 41308 7460d95 Wow64SetThreadContext 41307->41308 41310 7460ddd 41308->41310 41310->41200 41312 7460e28 VirtualAllocEx 41311->41312 41314 7460ea5 41312->41314 41314->41240 41316 7460e68 VirtualAllocEx 41315->41316 41318 7460ea5 41316->41318 41318->41240

                Executed Functions

                Function 06FF0448 Relevance: 2.6, Instructions: 2603COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0aa419406efe647b6b3aa0bcc234b8926b00abe75c157f8f0bf7e4c8cf2c7527
                • Instruction ID: 21a8f20b62c8c0c917d44b1643c23ad1e063c448b8870b64f5dccb82d5502fe9
                • Opcode Fuzzy Hash: 0aa419406efe647b6b3aa0bcc234b8926b00abe75c157f8f0bf7e4c8cf2c7527
                • Instruction Fuzzy Hash: 6843E874E11219CFDB64DF68C898A9DB7B2BF89310F158199E509AB3A1DB30ED81CF50
                Function 06E32278 Relevance: 1.1, Instructions: 1083COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c44b3dd8de3f3c1ba05c7c25b4c7b5cef75b4462cccb1522c1b65cc16cea947e
                • Instruction ID: 4209a1e4615f9ab5701667bd7ae7ace0c227fc03477f408aaf255d27b55050a1
                • Opcode Fuzzy Hash: c44b3dd8de3f3c1ba05c7c25b4c7b5cef75b4462cccb1522c1b65cc16cea947e
                • Instruction Fuzzy Hash: 88B2D534A41229CFDB65DB24C898EE9B7B2FF49300F1195E9D5096B361DB32AE85CF00
                Function 06E33008 Relevance: 1.1, Instructions: 1083COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 855211669a98149111dc7b356525722daf8b245fb94d09f1eda7d2260d687b89
                • Instruction ID: 58a217636cdec8f505e160b2f27185233aa11cbd2bbbcf4a4ee4b2f9e4203ef6
                • Opcode Fuzzy Hash: 855211669a98149111dc7b356525722daf8b245fb94d09f1eda7d2260d687b89
                • Instruction Fuzzy Hash: 11B2D434A41229CFDB65DB64C898EE9B7B2FF49300F1195E9D5096B361DB32AE85CF00
                Function 06E34ADA Relevance: .6, Instructions: 595COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 203a354b23c03854c5b3d707663ecdc9524b0d30f7989dd8a313b3479769d424
                • Instruction ID: ba41859a23b41aa5e9331f0147b53ac73e02cc8fe95237ce2f5687994e96179e
                • Opcode Fuzzy Hash: 203a354b23c03854c5b3d707663ecdc9524b0d30f7989dd8a313b3479769d424
                • Instruction Fuzzy Hash: C7520738A01219CFDB64DF64C984BA9B7B2FF8A300F1185E9D5496B361DB71AE85CF01
                Function 06E32E50 Relevance: .6, Instructions: 593COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 551fcab33258c5783069f6d8dd6233791d94ff3f6a9d30a96dfa5aa61f2dfe13
                • Instruction ID: fc3b2aa495eed5e9927b94b2fbf11979d15906b3d3f34d80cc3c53a56f7cb826
                • Opcode Fuzzy Hash: 551fcab33258c5783069f6d8dd6233791d94ff3f6a9d30a96dfa5aa61f2dfe13
                • Instruction Fuzzy Hash: D8520838A01219CFDB64DF64C984BA9B7B2FF8A300F1195E9D5496B361DB70AE85CF01
                Function 07466F20 Relevance: .4, Instructions: 356COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ad9e0efc5c75e14f5cdd12547fa398a8daa320c35a12381f7c76f7fcbc92e1a
                • Instruction ID: a2bc9d878a01fc86e37f9c0f2b91815ed0560d3508b3c0fea196aa59906114e8
                • Opcode Fuzzy Hash: 1ad9e0efc5c75e14f5cdd12547fa398a8daa320c35a12381f7c76f7fcbc92e1a
                • Instruction Fuzzy Hash: CBD1B8B07006118FDB2ADB66C458BAFB7F6AF89704F10846ED146DB790CB35E942CB52
                Function 06FFA2B8 Relevance: .1, Instructions: 79COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2ce3e35042612016009a73f05cdbbf10e2e2d3d0c57f8204220c9b23822c245d
                • Instruction ID: 49adb365415f0de7c4984602fa63048ce33e087a56fcb6862e77e30e55cec780
                • Opcode Fuzzy Hash: 2ce3e35042612016009a73f05cdbbf10e2e2d3d0c57f8204220c9b23822c245d
                • Instruction Fuzzy Hash: 61212FB5E147598FEB28CFA7D8007AABBF7AFC9210F08C0BAD50866265DB740545CF51
                Function 06E30C91 Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2869e7ff906b9a0dd05aec538556fa2e6cd6d6247f945329084fd2729c2dfc94
                • Instruction ID: 0b5385a6898f27c0a66732f72037e88ba61097690857fb21cba1acd55854d3a3
                • Opcode Fuzzy Hash: 2869e7ff906b9a0dd05aec538556fa2e6cd6d6247f945329084fd2729c2dfc94
                • Instruction Fuzzy Hash: 74110C357542608FD7888B6CD408AE5B7F9EF8A611B0150BBE105EB371CA71DC05C750
                Function 07461164 Relevance: 1.8, APIs: 1, Instructions: 250processCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 770 7461164-7461205 773 7461207-7461211 770->773 774 746123e-746125e 770->774 773->774 775 7461213-7461215 773->775 779 7461297-74612c6 774->779 780 7461260-746126a 774->780 777 7461217-7461221 775->777 778 7461238-746123b 775->778 781 7461225-7461234 777->781 782 7461223 777->782 778->774 790 74612ff-74613b9 CreateProcessA 779->790 791 74612c8-74612d2 779->791 780->779 783 746126c-746126e 780->783 781->781 784 7461236 781->784 782->781 785 7461270-746127a 783->785 786 7461291-7461294 783->786 784->778 788 746127e-746128d 785->788 789 746127c 785->789 786->779 788->788 792 746128f 788->792 789->788 802 74613c2-7461448 790->802 803 74613bb-74613c1 790->803 791->790 793 74612d4-74612d6 791->793 792->786 794 74612d8-74612e2 793->794 795 74612f9-74612fc 793->795 797 74612e6-74612f5 794->797 798 74612e4 794->798 795->790 797->797 799 74612f7 797->799 798->797 799->795 813 746144a-746144e 802->813 814 7461458-746145c 802->814 803->802 813->814 815 7461450 813->815 816 746145e-7461462 814->816 817 746146c-7461470 814->817 815->814 816->817 818 7461464 816->818 819 7461472-7461476 817->819 820 7461480-7461484 817->820 818->817 819->820 821 7461478 819->821 822 7461496-746149d 820->822 823 7461486-746148c 820->823 821->820 824 74614b4 822->824 825 746149f-74614ae 822->825 823->822 827 74614b5 824->827 825->824 827->827
                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 074613A6
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: 534c5676347974d264db2cb095b80b9882861ec119624d6f85e1c471d90c388e
                • Instruction ID: 70fbb4532c07f53590814bc7d580cf614d7bb2c28986e2806048a0702cbcf3de
                • Opcode Fuzzy Hash: 534c5676347974d264db2cb095b80b9882861ec119624d6f85e1c471d90c388e
                • Instruction Fuzzy Hash: 94A16FB1D0065DDFEB10CFA9C8457EEBBB2BF44310F14856AE819A7240DB749985CF92
                Function 07461170 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 828 7461170-7461205 830 7461207-7461211 828->830 831 746123e-746125e 828->831 830->831 832 7461213-7461215 830->832 836 7461297-74612c6 831->836 837 7461260-746126a 831->837 834 7461217-7461221 832->834 835 7461238-746123b 832->835 838 7461225-7461234 834->838 839 7461223 834->839 835->831 847 74612ff-74613b9 CreateProcessA 836->847 848 74612c8-74612d2 836->848 837->836 840 746126c-746126e 837->840 838->838 841 7461236 838->841 839->838 842 7461270-746127a 840->842 843 7461291-7461294 840->843 841->835 845 746127e-746128d 842->845 846 746127c 842->846 843->836 845->845 849 746128f 845->849 846->845 859 74613c2-7461448 847->859 860 74613bb-74613c1 847->860 848->847 850 74612d4-74612d6 848->850 849->843 851 74612d8-74612e2 850->851 852 74612f9-74612fc 850->852 854 74612e6-74612f5 851->854 855 74612e4 851->855 852->847 854->854 856 74612f7 854->856 855->854 856->852 870 746144a-746144e 859->870 871 7461458-746145c 859->871 860->859 870->871 872 7461450 870->872 873 746145e-7461462 871->873 874 746146c-7461470 871->874 872->871 873->874 875 7461464 873->875 876 7461472-7461476 874->876 877 7461480-7461484 874->877 875->874 876->877 878 7461478 876->878 879 7461496-746149d 877->879 880 7461486-746148c 877->880 878->877 881 74614b4 879->881 882 746149f-74614ae 879->882 880->879 884 74614b5 881->884 882->881 884->884
                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 074613A6
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: fb049202bf76b59594941ef78880dca89d84701a1d6eacc274c98761125eb9c9
                • Instruction ID: a68b511b4bf32eb3b1b56a8425f8263b2fc7ded36698965588fbd79f8c1a4df2
                • Opcode Fuzzy Hash: fb049202bf76b59594941ef78880dca89d84701a1d6eacc274c98761125eb9c9
                • Instruction Fuzzy Hash: AB915DB1D0065DCFEB14CFA9C845BEEBBB2BF48310F14856AE809A7240D7749985CF92
                Function 02726004 Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 885 2726004-27260d1 CreateActCtxA 887 27260d3-27260d9 885->887 888 27260da-2726134 885->888 887->888 895 2726143-2726147 888->895 896 2726136-2726139 888->896 897 2726158 895->897 898 2726149-2726155 895->898 896->895 900 2726159 897->900 898->897 900->900
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 027260C1
                Memory Dump Source
                • Source File: 00000000.00000002.2160477214.0000000002720000.00000040.00000800.00020000.00000000.sdmp, Offset: 02720000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2720000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: 506813f2b6eab169abcfd2e6f18373bffd41d94d996becf79e1585c1da5bd4e7
                • Instruction ID: acc40470be4b7f4d94915443971f312b82a6d610fd431a820f162fca059a6d6a
                • Opcode Fuzzy Hash: 506813f2b6eab169abcfd2e6f18373bffd41d94d996becf79e1585c1da5bd4e7
                • Instruction Fuzzy Hash: DE41D0B0C0062DCFEB24DFA9C844BCEBBB5BF48704F20816AD408AB255D775694ACF90
                Function 02724888 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 901 2724888-27260d1 CreateActCtxA 904 27260d3-27260d9 901->904 905 27260da-2726134 901->905 904->905 912 2726143-2726147 905->912 913 2726136-2726139 905->913 914 2726158 912->914 915 2726149-2726155 912->915 913->912 917 2726159 914->917 915->914 917->917
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 027260C1
                Memory Dump Source
                • Source File: 00000000.00000002.2160477214.0000000002720000.00000040.00000800.00020000.00000000.sdmp, Offset: 02720000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2720000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: b824e0c45d238fe5c557999ef5704ca3c08eff53ffa2709d7d9091c16262a0bd
                • Instruction ID: 8ed438f8b54d232c5204b6c70e0b6af7b8dd2e84a13bfdbaa1674cb59d4695bf
                • Opcode Fuzzy Hash: b824e0c45d238fe5c557999ef5704ca3c08eff53ffa2709d7d9091c16262a0bd
                • Instruction Fuzzy Hash: 0E41B2B0C0072DCFEB24DFA9C844B9EBBB5BF49704F20816AD408AB255D7756949CF90
                Function 07465448 Relevance: 1.6, APIs: 1, Instructions: 78windowCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 918 7465448-746544c 919 746544e-74654ba PostMessageW 918->919 920 74653eb-746541f 918->920 925 74654c3-74654d7 919->925 926 74654bc-74654c2 919->926 923 7465421-7465427 920->923 924 7465428-746543c 920->924 923->924 926->925
                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 074654AD
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                • Opcode ID: 26ef82bc6a0f006f6d7965ecabc404c37c7e3d831aaacb92ec088cecb574728a
                • Instruction ID: a16e5ec11c661eea12e95763584df3ab88f637629c651e7e64dd7e4abffb68e1
                • Opcode Fuzzy Hash: 26ef82bc6a0f006f6d7965ecabc404c37c7e3d831aaacb92ec088cecb574728a
                • Instruction Fuzzy Hash: 3E3138B5800309DFDB10DF9AD449BEEFBF8EB48310F20845AD559A7210C375A554CFA6
                Function 07460EE0 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 929 7460ee0-7460f36 933 7460f46-7460f85 WriteProcessMemory 929->933 934 7460f38-7460f44 929->934 936 7460f87-7460f8d 933->936 937 7460f8e-7460fbe 933->937 934->933 936->937
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07460F78
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                • Opcode ID: cb495ae6fb4b84d72e106e2e9cc29e8f90fbbcb11a93342243b9bb9ff521de77
                • Instruction ID: 86b45c4a31798c5a86ca046ff24e08bae184122ed5bd2207a3661122a1e26f19
                • Opcode Fuzzy Hash: cb495ae6fb4b84d72e106e2e9cc29e8f90fbbcb11a93342243b9bb9ff521de77
                • Instruction Fuzzy Hash: F42168B59003099FDB10CFAAD885BDEBBF5FF48320F10842AE918A7250C7789940CBA5
                Function 07460EE8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 941 7460ee8-7460f36 943 7460f46-7460f85 WriteProcessMemory 941->943 944 7460f38-7460f44 941->944 946 7460f87-7460f8d 943->946 947 7460f8e-7460fbe 943->947 944->943 946->947
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07460F78
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                • Opcode ID: bac326def022d64be3d1121f53ccb2f672cc46a7e8951ca348c01fa04e149dae
                • Instruction ID: f915d90f37af840f3025c199c6e55b511b58f641912c49e1efd19fee65de18fa
                • Opcode Fuzzy Hash: bac326def022d64be3d1121f53ccb2f672cc46a7e8951ca348c01fa04e149dae
                • Instruction Fuzzy Hash: 3E2146B19003499FDB10CFAAC885BDEBBF5FF48310F10842AE918A7250D7789940CBA5
                Function 07460D48 Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 951 7460d48-7460d9b 953 7460d9d-7460da9 951->953 954 7460dab-7460ddb Wow64SetThreadContext 951->954 953->954 956 7460de4-7460e14 954->956 957 7460ddd-7460de3 954->957 957->956
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07460DCE
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: 070d7294d2f742ae0cf7a0996ceba4f77d918664d74cea49a9362d96016fd51d
                • Instruction ID: 566da916dc30c0377e84fc1bcf2af8fc85bc3dcf4bbeaf1fd888ed12677f5c1e
                • Opcode Fuzzy Hash: 070d7294d2f742ae0cf7a0996ceba4f77d918664d74cea49a9362d96016fd51d
                • Instruction Fuzzy Hash: BA2138B19003099FDB10DFAAC585BEEBBF4EF88320F14842AD559A7350C778A944CFA5
                Function 07460FD8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 971 7460fd8-7461065 ReadProcessMemory 974 7461067-746106d 971->974 975 746106e-746109e 971->975 974->975
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07461058
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                • Opcode ID: 7a32c4b7c12ccfa6b4b9752924cf7e1cdb63bdbf872b3ae8e3004c45b7c2ff0f
                • Instruction ID: b8d6f2d61e0a39c943016d047604205a3427cad80cde7ec4b7041bf8b29dca86
                • Opcode Fuzzy Hash: 7a32c4b7c12ccfa6b4b9752924cf7e1cdb63bdbf872b3ae8e3004c45b7c2ff0f
                • Instruction Fuzzy Hash: A62125B190034DDFDB10DFAAC985AEEBBF5FF48310F10842AE519A7250C7799900CBA5
                Function 07460D50 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 961 7460d50-7460d9b 963 7460d9d-7460da9 961->963 964 7460dab-7460ddb Wow64SetThreadContext 961->964 963->964 966 7460de4-7460e14 964->966 967 7460ddd-7460de3 964->967 967->966
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07460DCE
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: 386638e6395caf2888531cf5b0725dc3d9b23511062dd65c00d3fce1ecb4df49
                • Instruction ID: 59bfa868767a2b9f2ba81bf1221b98e79a2a985e815a681d2ed8385d3fa3693d
                • Opcode Fuzzy Hash: 386638e6395caf2888531cf5b0725dc3d9b23511062dd65c00d3fce1ecb4df49
                • Instruction Fuzzy Hash: 762135B19003098FDB10DFAAC485BEEBBF4AF88320F14842AD559A7240C778A944CFA5
                Function 07460FD5 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 979 7460fd5-7461065 ReadProcessMemory 983 7461067-746106d 979->983 984 746106e-746109e 979->984 983->984
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07461058
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                • Opcode ID: 768dd8ce7d9d93ff2255fb850bf94737c7d578d5f75aba74f8c4a58e2b07811d
                • Instruction ID: 8bb92893c8dfb8ab7380952fbea4d912c708d979a2aeedd12adf9b15ed339d37
                • Opcode Fuzzy Hash: 768dd8ce7d9d93ff2255fb850bf94737c7d578d5f75aba74f8c4a58e2b07811d
                • Instruction Fuzzy Hash: CF2128B1D00349DFDB10DFAAC980AEEBBF5FF48310F14842AE559A7250C7799900CBA5
                Function 07460E21 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 988 7460e21-7460ea3 VirtualAllocEx 992 7460ea5-7460eab 988->992 993 7460eac-7460ed1 988->993 992->993
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07460E96
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: 7523aeab8fc7fbf9a5d13f9a233fc7ea08f57e3060d4f707b2839134d621e6f2
                • Instruction ID: 408d02bbe3d9a4d0c898b33742db2cbc35c6b4febde56b024b3363226c326f32
                • Opcode Fuzzy Hash: 7523aeab8fc7fbf9a5d13f9a233fc7ea08f57e3060d4f707b2839134d621e6f2
                • Instruction Fuzzy Hash: EA1167B690024E9FDB10DFAAC845AEFBBF5AF88320F14881AE515A7210C7799540CBA1
                Function 07460E28 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1006 7460e28-7460ea3 VirtualAllocEx 1009 7460ea5-7460eab 1006->1009 1010 7460eac-7460ed1 1006->1010 1009->1010
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07460E96
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: f2ec10d1cf5464962c4f1231089e0dde5b2bdaf4b69aac7604313adf61a23b00
                • Instruction ID: 8320cc188041f48fd6cda31400975b2f594489392aa2db7521c60ae5de42f5f8
                • Opcode Fuzzy Hash: f2ec10d1cf5464962c4f1231089e0dde5b2bdaf4b69aac7604313adf61a23b00
                • Instruction Fuzzy Hash: 881156B690024D9FDB10DFAAC844BDFBBF5AF88310F10881AE519A7250C7799900CBA1
                Function 07460C98 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 997 7460c98-7460d0f ResumeThread 1001 7460d11-7460d17 997->1001 1002 7460d18-7460d3d 997->1002 1001->1002
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: cafc5ebf09d23209eacaa4eff734586e618f7fb7bb6a3fc23fe4b88e4987a385
                • Instruction ID: f435c51518413d0092459f7191c0660b0edc7d8fbf7ac98015965005edf2ae8e
                • Opcode Fuzzy Hash: cafc5ebf09d23209eacaa4eff734586e618f7fb7bb6a3fc23fe4b88e4987a385
                • Instruction Fuzzy Hash: 5A116DB1D003498FDB10DFAAD845BEFFBF4AF88310F24841AD519A7250C779A940CBA5
                Function 07460CA0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1014 7460ca0-7460d0f ResumeThread 1017 7460d11-7460d17 1014->1017 1018 7460d18-7460d3d 1014->1018 1017->1018
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: e4cfb1f1ca88400b3658c07aad3b89be6dc22ca8e936e38e1bbeb327076a2d6a
                • Instruction ID: 140705eca8c140d24e0b0757be9fb8ba554b53f8160a6585e8335c5999baa3a2
                • Opcode Fuzzy Hash: e4cfb1f1ca88400b3658c07aad3b89be6dc22ca8e936e38e1bbeb327076a2d6a
                • Instruction Fuzzy Hash: 4C113AB1D003498FDB10DFAAD445BDFFBF4AF88710F24841AD519A7250C779A944CBA5
                Function 07464DC8 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                Download Yara Rule
                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 074654AD
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                • Opcode ID: 9507b3e7ad5bb6945247442834171cfc366ba882318d1f4aac5ae6d8c4628f38
                • Instruction ID: 73b15b839f75da85c6fb38f533dbd1b0daae67d77ba13d23dcd37976a5ac67c8
                • Opcode Fuzzy Hash: 9507b3e7ad5bb6945247442834171cfc366ba882318d1f4aac5ae6d8c4628f38
                • Instruction Fuzzy Hash: C311E0B58003499FDB10DF9AD948BDEFBF8EB48324F20845AE958A7210C375A954CFA5
                Function 06E32640 Relevance: .4, Instructions: 377COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 54aa7bdb7c3fbf08c2d4d257da3b8bf42178709f8c7791b070b561f3939533c7
                • Instruction ID: a0593b12b1c61a63e654f45b531989fe69ca02b515e30a463adf3729510e8538
                • Opcode Fuzzy Hash: 54aa7bdb7c3fbf08c2d4d257da3b8bf42178709f8c7791b070b561f3939533c7
                • Instruction Fuzzy Hash: 58D1A534F00359CFEB949B78C85867E7BB6BF89600F505069C786DB3A5DE208E42CB65
                Function 06E31910 Relevance: .3, Instructions: 282COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: caa8022227ce65d7703b90bc582262615857835de9fd9d022ad4ed6e75dd3e94
                • Instruction ID: eb4e7c5ae1b87da9888ccf32c171d79793029770102be96db79a233deca4d5e5
                • Opcode Fuzzy Hash: caa8022227ce65d7703b90bc582262615857835de9fd9d022ad4ed6e75dd3e94
                • Instruction Fuzzy Hash: 2891A734F04329CFEB949A39845C6BA36E66FC574571560ADC547CF3A9EE20CC02CB66
                Function 06E3A3A0 Relevance: .2, Instructions: 219COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2c5b88fba34c6b2395836c3bc2d05fd95008cdb4ded55af943c93251a016771a
                • Instruction ID: 6b9e8d40cf25dfe40c25c0dd9e54a926d3a9e93569aee6149d8d7fa7e599015f
                • Opcode Fuzzy Hash: 2c5b88fba34c6b2395836c3bc2d05fd95008cdb4ded55af943c93251a016771a
                • Instruction Fuzzy Hash: 2A81F3387106108FCB44EF28D598D697BF6BF89B05B1591A9E902CB376DB72EC41CB80
                Function 06E3B980 Relevance: .2, Instructions: 214COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 36f83d3b16c1c776cb9021cc281d82939b5349ac67260b383122bb150e37c3bf
                • Instruction ID: 255aa12e5e8b8a0dff3a15062f04d98cb6ace32ae6593cbea4c9db74610c83ed
                • Opcode Fuzzy Hash: 36f83d3b16c1c776cb9021cc281d82939b5349ac67260b383122bb150e37c3bf
                • Instruction Fuzzy Hash: 87816C70E003199FDB54DFA9D894AEEBBF6BF88300F14852AE405EB350DB349905CBA1
                Function 06FF3678 Relevance: .2, Instructions: 203COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cf5ba3593451cce03503544d43ba7c81c196067c972609b697a428a853ba82ba
                • Instruction ID: 1846de804ae4a26a39977577bb0fdd9c1fd987bb4d9531a4d4a23a055ec195c9
                • Opcode Fuzzy Hash: cf5ba3593451cce03503544d43ba7c81c196067c972609b697a428a853ba82ba
                • Instruction Fuzzy Hash: F1813674600605CFD745EF78D894AAABBE6FF89300B1089ACE51ACB361DF30AD45CB91
                Function 06FF3688 Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7e672c7f5743edef16d2734e5238ecb48523f3b014b675cc9aa2496214d93fbe
                • Instruction ID: bcb277afbbc39b9b9d277e013fdb7ecb4d8d87a2027ffc8fba431c4fccd37d01
                • Opcode Fuzzy Hash: 7e672c7f5743edef16d2734e5238ecb48523f3b014b675cc9aa2496214d93fbe
                • Instruction Fuzzy Hash: D8812574600605CFD745EF78D894AAABBE6FF89300B1089ACE51ACB361DF31AD45CB91
                Function 06E39EB8 Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 878cc0989756b5fb853392434bf9590563108486a07bf3aae76a58729661eddb
                • Instruction ID: 8cb9361f34c4bef81de2a8360ccf07b7e230800b3edcac0d51d9fa511abfca23
                • Opcode Fuzzy Hash: 878cc0989756b5fb853392434bf9590563108486a07bf3aae76a58729661eddb
                • Instruction Fuzzy Hash: 5A715C34B002188FDB54EBA9C4589AD77F6EF89315B2044A9D806EB3A1DB36EC41CF61
                Function 06E3A268 Relevance: .2, Instructions: 186COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8da37d0def0843a062bfa15c93cc9e06c577e2ecbb711a2ca855dbe4a2391339
                • Instruction ID: b32ef3bc76f25409d7653a5fea25597b6ded6d512c885d98ddffc22b0a37260a
                • Opcode Fuzzy Hash: 8da37d0def0843a062bfa15c93cc9e06c577e2ecbb711a2ca855dbe4a2391339
                • Instruction Fuzzy Hash: A151CC307006208FCB58EB7DD85896EBBE6EF8961471545ADE906CB361EF32DC02CB90
                Function 06E3B0B4 Relevance: .2, Instructions: 179COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 83b33615852cd2c857135f1245578f4915610bfd61bee198338365fe533b90b8
                • Instruction ID: e3367ee3a81832025d8326f3cae82e4bb03b833fa54ffa37ce1002450f54c579
                • Opcode Fuzzy Hash: 83b33615852cd2c857135f1245578f4915610bfd61bee198338365fe533b90b8
                • Instruction Fuzzy Hash: 8051F430E11328DFCB54DFB0E8585AEBBB6EF85705F20859AE452B7351DB309915CB50
                Function 06FFAC40 Relevance: .2, Instructions: 177COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4bfdedb9a49a1d3a31767d36946e1575c0f901c6472b4637c04f66d6faa85ea5
                • Instruction ID: 1e8c13f64776d39366605855b897fe794f977d7ba9ff595654c7aabb7e536557
                • Opcode Fuzzy Hash: 4bfdedb9a49a1d3a31767d36946e1575c0f901c6472b4637c04f66d6faa85ea5
                • Instruction Fuzzy Hash: E061E575E14208CFDB44CFAAD884AEDFBB6BF89300F109029D919AB365DB305945CF90
                Function 06E3CF1C Relevance: .2, Instructions: 176COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e00b71cb871a8cae98c96ea08fabac9da7ca8b37233611b4ae8e0837dd7d0c54
                • Instruction ID: c9eab40fd124ee32c8e2e4d67489ca7bfdd3f58379bca1dd547692a024a306d8
                • Opcode Fuzzy Hash: e00b71cb871a8cae98c96ea08fabac9da7ca8b37233611b4ae8e0837dd7d0c54
                • Instruction Fuzzy Hash: 56515430E04218DFEB219FA5D9985ADFFB2FF88300F218559D441BB295CB7198A2CF81
                Function 06FF512C Relevance: .2, Instructions: 172COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 046ac32804750a02ac915dc14ede48fbe4cd0f472503c6afc674b5c45c245909
                • Instruction ID: ec965aa73c3de2d24d53f95cc24f44526abd7f71ad1e7f2d738f87c5d19c47a5
                • Opcode Fuzzy Hash: 046ac32804750a02ac915dc14ede48fbe4cd0f472503c6afc674b5c45c245909
                • Instruction Fuzzy Hash: B761C075E25229CFDBA0CFA8C884AEDBBF5BF19304F20A159E519E7261D770A941CF40
                Function 06E30040 Relevance: .2, Instructions: 168COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9dbcf3e344c1887aec9441eb798d35245fb4cf34f9357f71168f3cba82ed57e1
                • Instruction ID: 25a13b1d6429ec9605638239d6d0fb3c51c504e9c550d17c727e52d5092b6124
                • Opcode Fuzzy Hash: 9dbcf3e344c1887aec9441eb798d35245fb4cf34f9357f71168f3cba82ed57e1
                • Instruction Fuzzy Hash: 45719D74A11218AFCB54DFA8D888DAEBBB6FF48724B114498F901AB361D731E881CB50
                Function 06FF6C38 Relevance: .2, Instructions: 167COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ffd17bdff4526d4396fab5a09e74bf45f63f4b01369bae9f43a3ae5687339076
                • Instruction ID: 18d771e24ee7456346839750bb5b0cbc8a51af5d227eb14a41706cc033c32368
                • Opcode Fuzzy Hash: ffd17bdff4526d4396fab5a09e74bf45f63f4b01369bae9f43a3ae5687339076
                • Instruction Fuzzy Hash: F5611835E10609DFCB54DFA9C894A9DBBB2FF88310F208159E509EB361DB71AD81CB50
                Function 06E3F488 Relevance: .2, Instructions: 166COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4032b9acb2f241920910a4c23570e82b611faa5940432f463ca97900c1df423d
                • Instruction ID: aa4e060afc47ce365d8f9e67d131d5de4c4f05a447d22354a216a68693065f66
                • Opcode Fuzzy Hash: 4032b9acb2f241920910a4c23570e82b611faa5940432f463ca97900c1df423d
                • Instruction Fuzzy Hash: D951AE31E003299FDBA5DFA9D8486AEB7F6EF88304F10552AC109E7240DB359945CB92
                Function 06E3B328 Relevance: .2, Instructions: 158COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f2f7a3dfd657fd2bd06c723a9855ecb4ffb7f1bca49d5ce8e0cf1ccf601c9a61
                • Instruction ID: 0904ba4afb435a0c32ff225d7895d54f15534cdf8f8a901ae2da70cb372d0235
                • Opcode Fuzzy Hash: f2f7a3dfd657fd2bd06c723a9855ecb4ffb7f1bca49d5ce8e0cf1ccf601c9a61
                • Instruction Fuzzy Hash: AC514275E083548FCB14CBB9D8486AABFF5EF85610F24846AE445E7780D738D805CBA1
                Function 06FF6C28 Relevance: .2, Instructions: 155COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e9adbaf58cb1e8389cbc933fc10b1dc1576441e2c6fb2a2fb8ce9ef2cbcb0ea
                • Instruction ID: 52812b33ba1d2c89276ae5720761e9b5463a4286403d4f7727b6971e5806248c
                • Opcode Fuzzy Hash: 6e9adbaf58cb1e8389cbc933fc10b1dc1576441e2c6fb2a2fb8ce9ef2cbcb0ea
                • Instruction Fuzzy Hash: 3B611675E10609DFDB54DFA8C894A9DBBF2FF88310F208159E509AB364DB71AD81CB80
                Function 06E36D60 Relevance: .2, Instructions: 154COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9ba9753e936445e4eb2313c5a6caa4b8655d343e8d675d9e927419a64edc1b95
                • Instruction ID: 7057710feb63e2da4b896ec32bfa1b84656bb89d015d722609d0e7cb8e11fed7
                • Opcode Fuzzy Hash: 9ba9753e936445e4eb2313c5a6caa4b8655d343e8d675d9e927419a64edc1b95
                • Instruction Fuzzy Hash: 7261C775A01218EFDB44DFA5D998BADBBF2BF48304F209058E915AB3A1DB319D41CF60
                Function 06FF5F64 Relevance: .2, Instructions: 153COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fc3fc001f1c971093e4987bf4eeeafe22eff45da59fb97bcbb7715865a24b862
                • Instruction ID: 54026944882f13571667a3ca7b9d2afef81a0565254863947cb8cbc0649b8e4a
                • Opcode Fuzzy Hash: fc3fc001f1c971093e4987bf4eeeafe22eff45da59fb97bcbb7715865a24b862
                • Instruction Fuzzy Hash: D451CF31B102058FCB41DB79DC589AEBBF6FFC9220B148969E119D73A1EF309D058750
                Function 06E30007 Relevance: .2, Instructions: 151COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ebec9fcb50cb835a58a9db3ec3b407e4d9b44ac0f7649b6252a2604e057e1421
                • Instruction ID: a95f08712429c06b7103f2d707b2929e90953e20d90a823db5934b1dfc03a31f
                • Opcode Fuzzy Hash: ebec9fcb50cb835a58a9db3ec3b407e4d9b44ac0f7649b6252a2604e057e1421
                • Instruction Fuzzy Hash: E551F478A01254EFCB55CFA8D898D9A7BB1FF49724B1104A9F9029B362D731EC82CF50
                Function 06E36D70 Relevance: .1, Instructions: 146COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ed3a245640a1e473d1035851104574bc7c12f7a473e1b68b79f4ebba12fd3ac4
                • Instruction ID: 051ef6ef579e0872225c6c692dc8ce617bee7c4a2c45464de9acfc1afee531ff
                • Opcode Fuzzy Hash: ed3a245640a1e473d1035851104574bc7c12f7a473e1b68b79f4ebba12fd3ac4
                • Instruction Fuzzy Hash: 7861CA75A01218EFDB44DFA5D998BADBBF2BF48304F209058E915A7360DB319D41CF60
                Function 06E30B20 Relevance: .1, Instructions: 127COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5a92159766a3671f972d5e9a8b8ee0eccbd02b8499390d0350e9760e681b57e5
                • Instruction ID: 9baed73591e223bc38038f95f21623083d50842719d6485df8b00a9a2b603b1d
                • Opcode Fuzzy Hash: 5a92159766a3671f972d5e9a8b8ee0eccbd02b8499390d0350e9760e681b57e5
                • Instruction Fuzzy Hash: A5413C30B142689FDB94DF69D898EADBBF6BF49708F1550A9E501EB361CB71D800CB50
                Function 06E3A7C8 Relevance: .1, Instructions: 124COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: afa18dd57e40b9560767701216fd69bf156ac9e2c38721fc8cf11fc714b95749
                • Instruction ID: df35aaffa5581709282de745e7ae86d6535a28b85a7220e207b847c28dc7eda3
                • Opcode Fuzzy Hash: afa18dd57e40b9560767701216fd69bf156ac9e2c38721fc8cf11fc714b95749
                • Instruction Fuzzy Hash: 9E419D70E00369CFEB94EB69D45C3EDBAB2EF88214F146839C506B7391DB758981CB91
                Function 06FF4561 Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a1ad587372dc71589871b5f5af922f12ef35ae7ecfb785222c5e295999e3ae9e
                • Instruction ID: 6ec91a551654e77d5f366b0633daebfb10312d4edb71cc993c201ae37d7155f4
                • Opcode Fuzzy Hash: a1ad587372dc71589871b5f5af922f12ef35ae7ecfb785222c5e295999e3ae9e
                • Instruction Fuzzy Hash: B7417B71D28619CFE784CF69C4848BABBF9BF4E300B459890E1299F233CB319815CB40
                Function 06FF786B Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 61329b4f8b586ab906f2cdc1754035ab570ab19567f72451a41f30c3c723acdf
                • Instruction ID: 0174f0ecc68f1e27a4a6fb807af18011511b82ae70a637db7b7f7afb475d4103
                • Opcode Fuzzy Hash: 61329b4f8b586ab906f2cdc1754035ab570ab19567f72451a41f30c3c723acdf
                • Instruction Fuzzy Hash: 1F4122B2E143459FDB51DFA8DC40AEEBFF1EF88210F24445AD514E7262C7349A05CBA1
                Function 06FF47C0 Relevance: .1, Instructions: 121COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 303a7f52118e956e42b261e029a03db928e689e31e0ff3b77539f4c7af4be3b7
                • Instruction ID: 81ceb7f333b3d12b620d1c8fce33ed815e6ce67a2f1ed00b336444b6f78f098c
                • Opcode Fuzzy Hash: 303a7f52118e956e42b261e029a03db928e689e31e0ff3b77539f4c7af4be3b7
                • Instruction Fuzzy Hash: 16411A75E292499FDB40CFA8D840AEEBBF9FF49310F005525EA05E7262D6309940CF90
                Function 06FF3B2C Relevance: .1, Instructions: 121COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: acee046d665fb11cf77467014ce7b1b7d90e896ce05f1eda35a98e6127237620
                • Instruction ID: e5924bc5479f64bbded376c536b77f1ae022b2601f1214422e40f56bf15a997d
                • Opcode Fuzzy Hash: acee046d665fb11cf77467014ce7b1b7d90e896ce05f1eda35a98e6127237620
                • Instruction Fuzzy Hash: 6A418430B10208CFEB549B79D86576E7BE6EF88710F248469F606DB3A5CE309C01CB94
                Function 06E32991 Relevance: .1, Instructions: 121COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8d01fac491575e930b4cdbfe625c65f58951e000c6d9abeaf466136071351cb9
                • Instruction ID: 6200012f04e02925e98b93e7a1452e88bdde3f3f643f5202fb0ab03f99760d80
                • Opcode Fuzzy Hash: 8d01fac491575e930b4cdbfe625c65f58951e000c6d9abeaf466136071351cb9
                • Instruction Fuzzy Hash: FF417F34D0034ACFDB45EBA4C895AEEBBB2AF89300F019165D604773A1DB346996CBA1
                Function 06FF4570 Relevance: .1, Instructions: 114COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 033ec48625ad4651919a084e36373ee5d820eab1c3c3ffd2813748b1f1faaa95
                • Instruction ID: 73f4ce434f01664eee0990a59bee0128acfbe95b0838bd3fdf655b1cad0a4c03
                • Opcode Fuzzy Hash: 033ec48625ad4651919a084e36373ee5d820eab1c3c3ffd2813748b1f1faaa95
                • Instruction Fuzzy Hash: 12414B75D28519CFE784DF69D5849BABBF9BF8E300B459894E1299B236DB30D410CB40
                Function 06FF62BC Relevance: .1, Instructions: 111COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 516b43e8341bcd6fbba107c11a380cdad72eab6eb6f913795b32b692a7da77fb
                • Instruction ID: aed8f785a658b39ff0fc8ae34d0ad59c76331d62aca3bcd368bed4fc48dbecfc
                • Opcode Fuzzy Hash: 516b43e8341bcd6fbba107c11a380cdad72eab6eb6f913795b32b692a7da77fb
                • Instruction Fuzzy Hash: EE41AB72E143499FCF50DFA9E884ADEBFF5EF49310F14846AE609A7211D735A804CBA0
                Function 06FF620C Relevance: .1, Instructions: 110COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d0dcaed55dd3f9a1ae69dd1222ccef99a560c2fe656463bcb25905981ba56c30
                • Instruction ID: 3878dbd500cb0bb10678ecdc94b0b29ac28c4efd313bcc6ba3e97b7fd60b61f7
                • Opcode Fuzzy Hash: d0dcaed55dd3f9a1ae69dd1222ccef99a560c2fe656463bcb25905981ba56c30
                • Instruction Fuzzy Hash: CC416771D1074A8BCB50DFAAC8446EEFBF4EF89310F10851AE559B3600EB74A584CBA1
                Function 06E3F5F8 Relevance: .1, Instructions: 108COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d4f8bfdb3e5c1014f06a9017604460dab16ddf15cbec3e57d3da67118332570
                • Instruction ID: e38b2b2ac562621d8ef2d2879ecfc41b5adc485fea87b1737c3bad4babcf8ab0
                • Opcode Fuzzy Hash: 0d4f8bfdb3e5c1014f06a9017604460dab16ddf15cbec3e57d3da67118332570
                • Instruction Fuzzy Hash: 7B413371E04218DBDB659FA5D9989ADFFB6FF88304F218158D4417B255CB3188A2CF40
                Function 06E3AC28 Relevance: .1, Instructions: 105COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a501bde92d08c130f96dd4736ab2d95c91f855fa96762bb019748f85aa7b63a
                • Instruction ID: 964c8685b0c713fd5742f5e46492748e094e909742ddca19a163bb0237498276
                • Opcode Fuzzy Hash: 8a501bde92d08c130f96dd4736ab2d95c91f855fa96762bb019748f85aa7b63a
                • Instruction Fuzzy Hash: 7E31E335E00249AFDB089FA4E8649DEBBB6EFC9314F148529E402AB354DF35A845DB90
                Function 06E3DD50 Relevance: .1, Instructions: 99COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e5ab4d542fe97f997dbc4c0ad0238265056f97abae15a94bdd7efb2f5356afcc
                • Instruction ID: 33b6d238f3ff40cbd8026dc4580346d3d70795c3429154fd14bdece79f6128d8
                • Opcode Fuzzy Hash: e5ab4d542fe97f997dbc4c0ad0238265056f97abae15a94bdd7efb2f5356afcc
                • Instruction Fuzzy Hash: 6631CF70B042449FDB88EBB8D8647AE3BB6AFC5310F108269D0159B395CE344D02C7A6
                Function 06FF7D31 Relevance: .1, Instructions: 97COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c9e0794664014eaa7bc7ce256e88a649ccd0618ba88c20871b66a1fb84201ad9
                • Instruction ID: 7a03ec384b046e55d69897280bc7bec2089bff44797dc6f307e1d4b23529c90c
                • Opcode Fuzzy Hash: c9e0794664014eaa7bc7ce256e88a649ccd0618ba88c20871b66a1fb84201ad9
                • Instruction Fuzzy Hash: CD31A432E14215CFEB94ABA0AD416FEF7B3AF88300F50442AD712A6265D6314901CBD1
                Function 06E3B014 Relevance: .1, Instructions: 95COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ab9bb79c3ab7ca1f7dd3032b6e05afba88653b56b265457f46e2b7da9693ba6
                • Instruction ID: f11e1cd1e136b6b289488a441df0f0acfdd65c24c962414a2b261c1fccf1df6d
                • Opcode Fuzzy Hash: 5ab9bb79c3ab7ca1f7dd3032b6e05afba88653b56b265457f46e2b7da9693ba6
                • Instruction Fuzzy Hash: E141ADB0D007599FDB14CF9AD888A9EFBB5BF88710F20812AE419AB214DB746845CF91
                Function 06E3EB38 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2ed80d80242486db74d156258887c506acf220d29aa93116374ab45fa2896982
                • Instruction ID: 40e1c2e45bad08ae8784e5923e07b2666601a32ea8ffe613b29d1332eee15d84
                • Opcode Fuzzy Hash: 2ed80d80242486db74d156258887c506acf220d29aa93116374ab45fa2896982
                • Instruction Fuzzy Hash: 17315C31A102588FCB55DFA8C949AEDBBF1EF49304F2541AAD505EB261DB35DE00CF60
                Function 06FF46B0 Relevance: .1, Instructions: 90COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d153d116956c711b7276f108362c05eecef96e20b9a232a1f7250d44e9c79ae2
                • Instruction ID: 6a5d92b8caa663d7d37dc5268c87a03b3cb831a6ffd642029b815babf65923b4
                • Opcode Fuzzy Hash: d153d116956c711b7276f108362c05eecef96e20b9a232a1f7250d44e9c79ae2
                • Instruction Fuzzy Hash: A3310B75D2420ACFDB90CFA9D5849BFBBF8AF0A300B515490E509E7226EB30D920CB51
                Function 06FF7D40 Relevance: .1, Instructions: 90COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7025d716f7da1a3d6cf2f972c1f5d3e94d8a57b047002ed9f8036b93a43428cf
                • Instruction ID: 83ff71f3a986fa55a9a84ff1e792b23ca8419b1b9295cde80a9d708b648cddd4
                • Opcode Fuzzy Hash: 7025d716f7da1a3d6cf2f972c1f5d3e94d8a57b047002ed9f8036b93a43428cf
                • Instruction Fuzzy Hash: 0B217532E14215DFEBD4AFA5AC40AFFF6B7AF88310F50442AD716A6254DA714D01CBD1
                Function 06E3A7BE Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0a92778df0f136910cb0dc7ce1cf368ed3a334791eaf53823ced5e1924944bce
                • Instruction ID: 520d96aa87568681a8bf54caea5fe4ba04e220976f6aa81425481807beb16274
                • Opcode Fuzzy Hash: 0a92778df0f136910cb0dc7ce1cf368ed3a334791eaf53823ced5e1924944bce
                • Instruction Fuzzy Hash: 4B31AF70E00365CFEB98EB79D45C3EDB6B2DF88214F10A839C505A7291EB758982CBD1
                Function 06E30BA6 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4633fbaba3c2f21c85f9d1238d56cbf99677007c0b850fdd8da53cbc87fa19da
                • Instruction ID: 342220468461c7339274cab0adaa839c29012856001eeeb1c12809111d57ea80
                • Opcode Fuzzy Hash: 4633fbaba3c2f21c85f9d1238d56cbf99677007c0b850fdd8da53cbc87fa19da
                • Instruction Fuzzy Hash: BF312534B202248FDB90DF69C888AAD7BF6BF49709F5510A9E501EB7A1CB71DC04CB60
                Function 06E376A8 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f67a0dbce73f5850d041ae5605e5583e5d4e3c4a56af17175d96483301c51440
                • Instruction ID: 70082b24005c5c8702b84d0310185fec1c274a24ec2c8cef79c7d0e7c7bf4db3
                • Opcode Fuzzy Hash: f67a0dbce73f5850d041ae5605e5583e5d4e3c4a56af17175d96483301c51440
                • Instruction Fuzzy Hash: F5219075B106248FDF48EB2DD45896E37EAEF8866571540AAE505CB3B0EE31DC01CB94
                Function 06FFACAF Relevance: .1, Instructions: 83COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7bed7c626af80f22d7c98dccfd4fe9532e709add2e5edcecf3e2eb544daba32d
                • Instruction ID: 7c47599887915d77e3f9e54d2718cad8dfb0495b39ba0e6561bc1469291ed615
                • Opcode Fuzzy Hash: 7bed7c626af80f22d7c98dccfd4fe9532e709add2e5edcecf3e2eb544daba32d
                • Instruction Fuzzy Hash: 7331C275E05209CFDB44CFE4D9859EDBBB6FF89301F209029EA09AB365C731A905CB50
                Function 06E3CEDC Relevance: .1, Instructions: 82COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ee865caf7e3d66e7cab8c8057cf23d8b5871608872574e719ecb02ad81e20a32
                • Instruction ID: b0a5ececbed9adbdb318b7a55cecc7762b2e27d3ec57100f96a7d52944ab8f3d
                • Opcode Fuzzy Hash: ee865caf7e3d66e7cab8c8057cf23d8b5871608872574e719ecb02ad81e20a32
                • Instruction Fuzzy Hash: CA2127B1E00326CBDB516B64E88C1FABBB0EF41310F606569D44AB7246EB31D818CBD0
                Function 06E32510 Relevance: .1, Instructions: 81COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b9949875abe95026a0b24de940e4aa55555a38a1e5a3258e3318d3be63a59d00
                • Instruction ID: d673add56a58de8335f7832067c0da3b0532c388d9c4263367a6b5f5171f2b12
                • Opcode Fuzzy Hash: b9949875abe95026a0b24de940e4aa55555a38a1e5a3258e3318d3be63a59d00
                • Instruction Fuzzy Hash: 81315034E00248AFDB09DB98E494BEEFBB5EF48300F0480AAE955B7360DF706845CB50
                Function 06E34241 Relevance: .1, Instructions: 79COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0adcb0dbd71863a1d0485b51a9eaac3398050c4e812a80b33f15aafe29428219
                • Instruction ID: 8b4349d317b363d5e399885cba8427955a0a6c8a45ab659cc9c9b03d3fdcaf9d
                • Opcode Fuzzy Hash: 0adcb0dbd71863a1d0485b51a9eaac3398050c4e812a80b33f15aafe29428219
                • Instruction Fuzzy Hash: 5F31A035E01248AFCB09DBA4E894FEDFBB1AF58300F0480AAE855B7361DF706945CB91
                Function 06E3B96C Relevance: .1, Instructions: 76COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fc6246155fc0a456abed7ac6bd914c4167a4bfe51028effb9bb0e49193935be3
                • Instruction ID: ec8754626b2a33370115ffb74065c9f340211f12bb7e0a2cfe19a43ea8934d40
                • Opcode Fuzzy Hash: fc6246155fc0a456abed7ac6bd914c4167a4bfe51028effb9bb0e49193935be3
                • Instruction Fuzzy Hash: 1521D175E0021A8FDF85DBA9D8505EEBBB7EF88200B14452AD506E7351EB309A01CBA1
                Function 00CCD53C Relevance: .1, Instructions: 75COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2160058570.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_ccd000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4a45111ad71f3baeed084322c8bf7117643d189e534cfe792a1794eb9b1ebe0c
                • Instruction ID: 1b139708c790894890b4284324972a70a1bbb3be34b603c1a1300bf6947d0fe0
                • Opcode Fuzzy Hash: 4a45111ad71f3baeed084322c8bf7117643d189e534cfe792a1794eb9b1ebe0c
                • Instruction Fuzzy Hash: E32137B2504204EFDB05DF14D9C0F26BF65FB98318F20857DE90A4B246C336D956CBA2
                Function 06E30AD1 Relevance: .1, Instructions: 74COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e786e521668180522f92288ddcdb8dbbacedd25622e2b46fd9e9ec2149691e46
                • Instruction ID: acdd49592c55d02c10dea61e5625da2a6741a17bf4d9681423e5874bacc722da
                • Opcode Fuzzy Hash: e786e521668180522f92288ddcdb8dbbacedd25622e2b46fd9e9ec2149691e46
                • Instruction Fuzzy Hash: 8C21D27191E3D88FD796CB64CC549DABFB5AF0B304B1540D7E480EB3A2C6258905CB61
                Function 06FFAC3E Relevance: .1, Instructions: 73COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 64318b320d59a004bc1153371f10d5094b58396b59a5c2cdd43dccca0bd73084
                • Instruction ID: be07bf76784543b5300fbfa0025a88fe86247f420966b1e464f6048500c6de42
                • Opcode Fuzzy Hash: 64318b320d59a004bc1153371f10d5094b58396b59a5c2cdd43dccca0bd73084
                • Instruction Fuzzy Hash: A321F5B4D10258CBDB58DFAAD8446EEFBF6AF88300F00C02AC519AB358EB741806CF50
                Function 00DED0EC Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2160143647.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_ded000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e15664172a8a945e051741079c7dd70c1803cc4657dfc40dd6658b1e84698f37
                • Instruction ID: e4d28384e9498eb20aea2f9941e023e5450f0b609ab5ea949a10c3639b6dff4c
                • Opcode Fuzzy Hash: e15664172a8a945e051741079c7dd70c1803cc4657dfc40dd6658b1e84698f37
                • Instruction Fuzzy Hash: 35214671504380EFDB04EF14D9C0B16BB66FB84314F24C5ADE8494B282CB36D806CAB1
                Function 00DED1D4 Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2160143647.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_ded000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3573cb7f92bef214c333ee8e97c77bc192e258d729df93f1f578c163b4ee4dcc
                • Instruction ID: 122d36b97756bb725d5ed702b4851317019a4f58c7a5b9fab60aaac4f60cdac2
                • Opcode Fuzzy Hash: 3573cb7f92bef214c333ee8e97c77bc192e258d729df93f1f578c163b4ee4dcc
                • Instruction Fuzzy Hash: 93214671504380EFDB04EF15D9C0B26BBA6FB84314F34C5ADEA494B282CB36D806CA75
                Function 06FF6617 Relevance: .1, Instructions: 67COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e314307c8e19195fcc6170a894d9a76823d5fad62869ec77c70dbb1f12a6f3a6
                • Instruction ID: dd4ad3d92d54a3657637a1c94634bcfe8d1bc429ebda1e6eb739f990c99e8bc4
                • Opcode Fuzzy Hash: e314307c8e19195fcc6170a894d9a76823d5fad62869ec77c70dbb1f12a6f3a6
                • Instruction Fuzzy Hash: 2E31E0B1D11218DFDB20CFA9C588BCEBBF4AF08314F24845AE504BB250D7B95885CFA5
                Function 06FF0428 Relevance: .1, Instructions: 67COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c193a5f52512bbf0876839da76f7c3dd21731a81d64c7ef865f0eb7adaea2f39
                • Instruction ID: fe0f8e15edcfecdd1fa74b18403c94ddee92e09694c3535dec26fca2bb72de8e
                • Opcode Fuzzy Hash: c193a5f52512bbf0876839da76f7c3dd21731a81d64c7ef865f0eb7adaea2f39
                • Instruction Fuzzy Hash: 4D31F2B0D11218DFDB60CF99C588B8EBBF4AF49714F20806AE508BB350DBB59845CFA5
                Function 06E3CECC Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 437c0676be9f4a7929482cb2e83f50bf02ff6fc02233459188b9398cfdbae4e9
                • Instruction ID: 0a42317c2e9b9b1eca12176f63847dee67b0b6fc499783d06a19c25f16aecc09
                • Opcode Fuzzy Hash: 437c0676be9f4a7929482cb2e83f50bf02ff6fc02233459188b9398cfdbae4e9
                • Instruction Fuzzy Hash: E511C172F0022AEFDB916B95D94C1EDBFB0EB80354B7058A6C189B6284E2318534CBD5
                Function 06E30890 Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 695fa1afa8eb472e573ed65c2781e065e7c45cd8e218647d0eac49683d7c9bd2
                • Instruction ID: c1ccdbe9b5da1265a48251b297d947a9ca4bfe19a8892f020581567e2a766b49
                • Opcode Fuzzy Hash: 695fa1afa8eb472e573ed65c2781e065e7c45cd8e218647d0eac49683d7c9bd2
                • Instruction Fuzzy Hash: 56213E71E0020A9FCB45DFA9C9448EFFBF5FF88300B11865AE514E7215E7B4A956CB90
                Function 06FF5F55 Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c2ec07912468b8858d531739b2daf70d19c1b1ce4de010bf3474845ad3e2c30d
                • Instruction ID: f9034de323018146f3c9255f5f00f411f2ec862149db1352245f50597b321f9f
                • Opcode Fuzzy Hash: c2ec07912468b8858d531739b2daf70d19c1b1ce4de010bf3474845ad3e2c30d
                • Instruction Fuzzy Hash: C71127B5F102499F8B51EB799C5497FBBFAFFC5210714892DE525D3341EE3089018360
                Function 06FF3A40 Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8af40b16666104e28c0c37853673a44524d4c5ee25ffc2d1e5e931d3274447bf
                • Instruction ID: 7a902566ca3b3c9fd744e813591d52ce5fc2cf69fccdb55ef505222e430899c7
                • Opcode Fuzzy Hash: 8af40b16666104e28c0c37853673a44524d4c5ee25ffc2d1e5e931d3274447bf
                • Instruction Fuzzy Hash: 5421383AA54244DFEB80DF6AD498B697BF1EF48701F2540A9E206DB3B1DA709C41CBC1
                Function 06E308A0 Relevance: .1, Instructions: 59COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e615d8c77811e7a7c8b89518fe5dbb2504b8cc1aa45bb321fd2bbeb8c855b67c
                • Instruction ID: fc68b3e990c00519f6ff8c55b47ca67ec97186f41396f9e90f076585c2070ad3
                • Opcode Fuzzy Hash: e615d8c77811e7a7c8b89518fe5dbb2504b8cc1aa45bb321fd2bbeb8c855b67c
                • Instruction Fuzzy Hash: 1021CC71E1021A9FCB44DFADC8448AFFBF9FF98310B10855AE518E7215E770A956CB90
                Function 06FF6460 Relevance: .1, Instructions: 58COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5393a9662837294e8b494014c82dcba13623774303488d99332624317b209148
                • Instruction ID: f8577135fd07a968eeb5cced01a22008dfb406089bc1653019f43340b43e24ec
                • Opcode Fuzzy Hash: 5393a9662837294e8b494014c82dcba13623774303488d99332624317b209148
                • Instruction Fuzzy Hash: 3011A0B6E103465F8B51DB789C505BFBBFAFFC82607188929D525E7351EF3089018760
                Function 06FF6390 Relevance: .1, Instructions: 58COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aaf8e78b4b2c4569965f32cc6ae4fd6174e281acb08349bf5d3615dc2bbee169
                • Instruction ID: 33304294c84c2579f8067fa93e53c336a38f0205db6ae32041223479b32697be
                • Opcode Fuzzy Hash: aaf8e78b4b2c4569965f32cc6ae4fd6174e281acb08349bf5d3615dc2bbee169
                • Instruction Fuzzy Hash: 28115E31F1065A8BCB94EBB998515EEB7F6BF89311B100079C604E7348EF318E01CB91
                Function 06FFBA88 Relevance: .1, Instructions: 58COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 268f6e31916f7078ef9afbbf8cfbe2247f73dd3a7b709e6008f801fa50089e4e
                • Instruction ID: b6a432ccc6f465ef8557eda043e5dbec30b5ed0fd100f6677d6722f4419c2806
                • Opcode Fuzzy Hash: 268f6e31916f7078ef9afbbf8cfbe2247f73dd3a7b709e6008f801fa50089e4e
                • Instruction Fuzzy Hash: 9121D6B1D006189BEB28CFA7D8557DEBBF6EF88300F14C06AD508A6264DB741945CFA0
                Function 06E30D58 Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 30c856b245263433fad3ae8b3efa1178e4dee9e4adead523d9f00176f04390af
                • Instruction ID: bcc50e6053bb21bbffd2e4331a2d5807464554a39468fc71e4b9fd0d7a175447
                • Opcode Fuzzy Hash: 30c856b245263433fad3ae8b3efa1178e4dee9e4adead523d9f00176f04390af
                • Instruction Fuzzy Hash: 12118B70D003968FD705EBA4C854BFEBBB1BF82304F0545AAD454AB3A1DB706948CB21
                Function 06FF62CC Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b8ca0a285963cae18ee054b65e9aaf7f9e452a933d748f7290afd8344588586e
                • Instruction ID: a021edb2d02faf5a6c6d60f1aec6536a57db50b2f37c5b143929c698a888eabc
                • Opcode Fuzzy Hash: b8ca0a285963cae18ee054b65e9aaf7f9e452a933d748f7290afd8344588586e
                • Instruction Fuzzy Hash: B321F2B6D042499FDB50DF9AD884ADEBBF4EB48310F108429E919A7210C375A954CFA5
                Function 00CCD537 Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2160058570.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_ccd000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c4163f8a738b895e3a03195f577c6e99c6dcd9217d130c51c8e43b8f667961e3
                • Instruction ID: c74c712cad89127be1806dabedc488275aafeca68eae1eba1675a8609719b79a
                • Opcode Fuzzy Hash: c4163f8a738b895e3a03195f577c6e99c6dcd9217d130c51c8e43b8f667961e3
                • Instruction Fuzzy Hash: 2511E6B6504244CFCB06CF10D5C4B16BF72FB94314F24C5ADD80A4B656C33AD956CBA2
                Function 06FF83D0 Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 988c4abe75fd0fec726ab69d64b61e1094a3dfabcd7ee2fcb813ab097a1791e3
                • Instruction ID: 7ab4289ef6b6bedf5ec0921a36a193bd38035c6db72abe01ce95dba937234783
                • Opcode Fuzzy Hash: 988c4abe75fd0fec726ab69d64b61e1094a3dfabcd7ee2fcb813ab097a1791e3
                • Instruction Fuzzy Hash: 86113C31A68244CFE3998B29C855B263B79BF42784F5580D6E3278F6B2CA21DC06CB55
                Function 00DED1CF Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2160143647.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_ded000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 266c387f8ae13a1d97c860eeb2b613950a144f769af30e4a24cccb1e8c5eac3e
                • Instruction ID: 7f3e29a8207e5dcdbc920c1d03848a43bbb7e4bdcf841495f1c944f4bc10975f
                • Opcode Fuzzy Hash: 266c387f8ae13a1d97c860eeb2b613950a144f769af30e4a24cccb1e8c5eac3e
                • Instruction Fuzzy Hash: 0B11DD75904280DFCB05DF10D5C0B15FBB2FB84314F28C6ADD9494B296C33AD80ACB61
                Function 00DED0E7 Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2160143647.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_ded000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 266c387f8ae13a1d97c860eeb2b613950a144f769af30e4a24cccb1e8c5eac3e
                • Instruction ID: 2c15cdce8e79775ea530fb205efba612b0bd61131482e9f0b7be27fd4b8c5064
                • Opcode Fuzzy Hash: 266c387f8ae13a1d97c860eeb2b613950a144f769af30e4a24cccb1e8c5eac3e
                • Instruction Fuzzy Hash: A111DD75504380DFDB05DF10D9C4B15BBB2FB84314F28C6A9D8094B256C33AD80ACFA1
                Function 06E3B3B0 Relevance: .1, Instructions: 52COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6820a0a76a2afa9a3a8fa064bb0754d65153f80047d10beb5502d77b52ed1103
                • Instruction ID: 5d74faeda2b86bf426a21d0c390d6939937aa87605b466aacaffd44c4b5f4b88
                • Opcode Fuzzy Hash: 6820a0a76a2afa9a3a8fa064bb0754d65153f80047d10beb5502d77b52ed1103
                • Instruction Fuzzy Hash: 0A1134B5900359CFDB20DF9AD984BDEBBF4EF48324F20841AD559A7200C335A544CFA9
                Function 06E3B30C Relevance: .1, Instructions: 52COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 16465fb60dd309dea260ddc3bdda9e4ab3bc274bf26fc251301224278ecbbe0f
                • Instruction ID: 69254174f86e8f4dbef546096adba28d090bb23acfe45ed143a49ea51b2c214c
                • Opcode Fuzzy Hash: 16465fb60dd309dea260ddc3bdda9e4ab3bc274bf26fc251301224278ecbbe0f
                • Instruction Fuzzy Hash: 2C017631B093281FDB4596795C189AE3FA9CF85610B1488EAE41ADB341D9348C028394
                Function 06E3B31C Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ed10e4b27dd50faf026abaff29f12e6faa230e6fc91a025fa63d4cff0a7df14f
                • Instruction ID: 101b124fdd001106092789a8b490bb55cb75bdd3bf4aebcab08b531c435cd6f0
                • Opcode Fuzzy Hash: ed10e4b27dd50faf026abaff29f12e6faa230e6fc91a025fa63d4cff0a7df14f
                • Instruction Fuzzy Hash: 091123B5D047488FDB10DF9AD848A9EFBF4EB88210F10801AE819B7310D378A904CFA1
                Function 06E3B054 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 424b9eba6620370b59409d9574183d1b5ce18a3739b884941253e1fb590a5848
                • Instruction ID: a701a32b709c02e997d6f77620feec5c204b32a4fce7521cd33bd31229666431
                • Opcode Fuzzy Hash: 424b9eba6620370b59409d9574183d1b5ce18a3739b884941253e1fb590a5848
                • Instruction Fuzzy Hash: 901104B5D047088FDB50DF9AD848A9EFBF4EB98314F10846AE559B7310D378A904CFA5
                Function 06E37F90 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e36cbe524ef5b36c6a5094cf17509169da4565d8a9dabb394ae8b86856da0e7
                • Instruction ID: aa9da7929a226cecdb269e8a4f88480245b09fb40a6c46675ad6ce86c979da4a
                • Opcode Fuzzy Hash: 6e36cbe524ef5b36c6a5094cf17509169da4565d8a9dabb394ae8b86856da0e7
                • Instruction Fuzzy Hash: FC11C23490928A9FDB16DBB8E85958C3F71EB42304B1441DAD441EF296DA311945CB42
                Function 06FFBA98 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1706bb264707df7222d365fbe5576cf65880f9ea3971ce8beefe4b229781b69
                • Instruction ID: 6146470459b796bc16fd55278c62600f31aa2db4d4b7d09deb839e7a4a53ff5e
                • Opcode Fuzzy Hash: d1706bb264707df7222d365fbe5576cf65880f9ea3971ce8beefe4b229781b69
                • Instruction Fuzzy Hash: 9611A2B1D006189BEB18CFABD8457DEFAF6AFC8304F14C06AD50876264DB75194ACFA0
                Function 06E3EC5F Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ccff30a97860f2be7eb1df829bd4c6918fda6c5708a1784f9da259c82d68f934
                • Instruction ID: 4220b6627a2539c99d73bf6758dd07209bb497563b55e05839b71f33997b4b65
                • Opcode Fuzzy Hash: ccff30a97860f2be7eb1df829bd4c6918fda6c5708a1784f9da259c82d68f934
                • Instruction Fuzzy Hash: B401F272E043A2AFD7922B64D9180ED7FB0EB81244724A863C04AFB290E1308515C7C1
                Function 06E3AD88 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 10409ad8da48e4ab2919d0a05bd1f468207d46cefcc3d0ef72808188b56fa16d
                • Instruction ID: f476bc09c69e9d7bad3aebc3cbfaaead582d63419fe96789ac391fcf7a01d5f8
                • Opcode Fuzzy Hash: 10409ad8da48e4ab2919d0a05bd1f468207d46cefcc3d0ef72808188b56fa16d
                • Instruction Fuzzy Hash: 3701213A90A394AFD7421BA4EC208C83F66EF17300B0941A3E180CB172EA258616DB62
                Function 06E30D68 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cfc1117a5ce9b7e67a9c73de8fb5a0ce54b544810642874ef21e34b414f3e2c9
                • Instruction ID: 4f608698f766e21d0d43d7dc7dd4f6fbb603b41337a3a1db94a233dfe0fd568e
                • Opcode Fuzzy Hash: cfc1117a5ce9b7e67a9c73de8fb5a0ce54b544810642874ef21e34b414f3e2c9
                • Instruction Fuzzy Hash: 7F115A30E0026ACFDB04EBA8C848BFEB7B1FF86304F0555A8D4146B391DB716948CB61
                Function 06FFE167 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bc24317bbc565a58a39f84d84262a694f57defa8a88132d5941b73405e174ef6
                • Instruction ID: 3e6bfc1f3f9e9caaf1500a91773cfe1f660d9389fa5e86044f685040a49d7a12
                • Opcode Fuzzy Hash: bc24317bbc565a58a39f84d84262a694f57defa8a88132d5941b73405e174ef6
                • Instruction Fuzzy Hash: 0E1149B4E25244CFDB40CFA8E64A5ADBBB5FF48305B00916AD4469B322DB34A901CF44
                Function 06E3C1C0 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ccad5c488604915c401368bcd30ab4b92cbc1dd7a1e97f5c4f59ff8bdc1addf9
                • Instruction ID: bde44d7157fa95e5e820d629a1971ae60b45fb1428c97c8bc3a4471343f663f8
                • Opcode Fuzzy Hash: ccad5c488604915c401368bcd30ab4b92cbc1dd7a1e97f5c4f59ff8bdc1addf9
                • Instruction Fuzzy Hash: 2F01D671B05364DB8F86A7A95D145BEBBBE9FC5210B040069D626A7380EB314E01C7A2
                Function 06E3BEE2 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fa0c9e629333d61d55e036c8255f0b717e866521f25adef090665f36e0417fcf
                • Instruction ID: ba9a7efc0f1ce50d2c2df968ae8dc22d0899d6886c61b50d1229c94c06ee8638
                • Opcode Fuzzy Hash: fa0c9e629333d61d55e036c8255f0b717e866521f25adef090665f36e0417fcf
                • Instruction Fuzzy Hash: 8E11F0B5D006098FDB50DFAAD944A9EFBF4AB48210F24841AD459A7310D378A505CFA1
                Function 06E3A852 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aa5708844b22f574afbc5af6b7bfbb37a79478267665ed4a8d253a29f5e55c66
                • Instruction ID: cdb713f14b6ba77292f457017be92390a783527e4da0609a1060d17221a315cf
                • Opcode Fuzzy Hash: aa5708844b22f574afbc5af6b7bfbb37a79478267665ed4a8d253a29f5e55c66
                • Instruction Fuzzy Hash: 19117070E00769CFEB98AFA5D45C3ED7AA2EF44354F106438D441A7280DB784981CF95
                Function 06E3B3BC Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 93fff5d7123cf8588a694c5f0189a975ef68eabb7c822abf185867b30f8d2f20
                • Instruction ID: 9aff8494d923b67e0fd2f9fae0ff477f02a0c5c83494c7f408aac8a095cafecd
                • Opcode Fuzzy Hash: 93fff5d7123cf8588a694c5f0189a975ef68eabb7c822abf185867b30f8d2f20
                • Instruction Fuzzy Hash: 721125B5900309CFDB60DF9AD948B9EBBF4EB48320F20841AE519A7310D379A944CFA5
                Function 06E3DE98 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 591a2e81e33c76d893fe3a5f683db08bbf4af599e732dbf1a6c800b806a17aa0
                • Instruction ID: 6eb8d596d849636e13672b0ced9c268aadbe33804158adc344e232ae7b187504
                • Opcode Fuzzy Hash: 591a2e81e33c76d893fe3a5f683db08bbf4af599e732dbf1a6c800b806a17aa0
                • Instruction Fuzzy Hash: 3701F935B143708FDBA89A3BCC589797BAE5F61A05309105AD102C7761DF20DC02C391
                Function 06E3CD34 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7c80c904300ded165c9ae658add11702c601f818592b78544ebc7e8333048687
                • Instruction ID: c6d0aa3fdda7b7ae3d418af460501402618f26ba7d1272f7deac4d68db9403ce
                • Opcode Fuzzy Hash: 7c80c904300ded165c9ae658add11702c601f818592b78544ebc7e8333048687
                • Instruction Fuzzy Hash: 411122B5900308CFDB60DF9AD948B9EBBF8EB48324F20841AD519A7300D379A944CFA5
                Function 06E30938 Relevance: .0, Instructions: 47COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 00469b6449f6ffabbfdbf96e92ac78ad441d27b128eff44a175218eb0b1797fb
                • Instruction ID: b693f113d401e7872c188a9fcb8120d370857e6bcb826a6279070e12badbc654
                • Opcode Fuzzy Hash: 00469b6449f6ffabbfdbf96e92ac78ad441d27b128eff44a175218eb0b1797fb
                • Instruction Fuzzy Hash: 7D01BC31600310CFEB14DB29D848A66B7B6EFC2224B20D1AED545CB662CB71DC06CB91
                Function 06FF6E7B Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cac7712d9c0e3771dae771bbed37417273a9ffc0ce98468c717c1b09e2deac3d
                • Instruction ID: 835d82d5a5b317d12f67547675ea784d6bc5fd96db37bc4818f40df7694e642e
                • Opcode Fuzzy Hash: cac7712d9c0e3771dae771bbed37417273a9ffc0ce98468c717c1b09e2deac3d
                • Instruction Fuzzy Hash: 7E113C72D1074B9ACB01EFA9C8011E9FBB0FF99310B10965AD558F7500FB70A6D5CB90
                Function 06FFC943 Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 216f16a1b6a353270b0ac524eee089e22e9a6f85eccb3ee082fb7ad4bb1ed21a
                • Instruction ID: 298a6626a33bcb751b45a8b099d07367ebaa64913d607bbf61dadab253476f1c
                • Opcode Fuzzy Hash: 216f16a1b6a353270b0ac524eee089e22e9a6f85eccb3ee082fb7ad4bb1ed21a
                • Instruction Fuzzy Hash: 6F01BC39A08208EFC710DBA4C684AAEBFF5AF4D300F54C0D5E5089B366CB309E04DB90
                Function 06E3D0E8 Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: df9f578cd090745bea497b89784a8d2b2e52c6e36338165def89b7711de0fc0b
                • Instruction ID: c198804c5e3097885f55062b4e35d086ca4514568fc9f59790d982f31dd9c62d
                • Opcode Fuzzy Hash: df9f578cd090745bea497b89784a8d2b2e52c6e36338165def89b7711de0fc0b
                • Instruction Fuzzy Hash: FE1133B5D00749CFCB10DF99D985BDEBBF4AB48320F24841AD559A7700C338A948CFA6
                Function 06E39890 Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d86a5fbda0e2653a28f790deebbb368278917ee7b49d4be968d4664a5e7cf094
                • Instruction ID: ceb47430e4ef11f0caec037ce207995d07ebd6c6dfcab28075ac650d7d67faa0
                • Opcode Fuzzy Hash: d86a5fbda0e2653a28f790deebbb368278917ee7b49d4be968d4664a5e7cf094
                • Instruction Fuzzy Hash: 17014C72A04341DFE745D725D5057847BA1EFC2304F08D4AEC049CB257EB72E846C791
                Function 06FFDFF8 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4e5276a3e4fbfc8317b7e2c0696c8ecbaae26ee83e8dedfdd4c7de43019241e8
                • Instruction ID: f5f15821b22e116d02862118844f0cae6048e2b977f7e8c364c2d25c65a921e7
                • Opcode Fuzzy Hash: 4e5276a3e4fbfc8317b7e2c0696c8ecbaae26ee83e8dedfdd4c7de43019241e8
                • Instruction Fuzzy Hash: 97113974E29245DFDB80DF68E588AADBBF6FF09305B109556E505D7222C730A941CF44
                Function 06FF3D6A Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: adc5273da5f7204274d4c1e69be50c06ac7c2b1fb3703c3f5bc86de8831bc0a5
                • Instruction ID: 2ece08d6873186cd1c0574915fbd8a4d5e7109354c19806868a7e127d17bfc52
                • Opcode Fuzzy Hash: adc5273da5f7204274d4c1e69be50c06ac7c2b1fb3703c3f5bc86de8831bc0a5
                • Instruction Fuzzy Hash: 63018433D29249DFEB84ABA4D90496C7B72EF45301B0051D6D743DB378DB3059148BD2
                Function 00CCD759 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2160058570.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_ccd000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5063e99cd5fa7b332547a29e3fc4d8976ac36b0bbdfa8ac171a00103cefd7245
                • Instruction ID: 435f7f18f9decde2162f23bcc22751f3b3eb443c08f9a1d0a9fb3adb93b46cd7
                • Opcode Fuzzy Hash: 5063e99cd5fa7b332547a29e3fc4d8976ac36b0bbdfa8ac171a00103cefd7245
                • Instruction Fuzzy Hash: 67012B31004344DAF7104B16DD84F67FBD8DF41720F18842EED5A8A28AC3789840C7B1
                Function 06E3CE48 Relevance: .0, Instructions: 44COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: de2d0405ba413c62e76067c408791923b098a1ccbbed8026c109a057b396fd9c
                • Instruction ID: cb833bf856474336f4d950e76e5ed3a58cd432f4c82d726f2928933b89413411
                • Opcode Fuzzy Hash: de2d0405ba413c62e76067c408791923b098a1ccbbed8026c109a057b396fd9c
                • Instruction Fuzzy Hash: 06F06235B103318F97A89A3FCC9897A7BEE9F95A15305506AE506C7660DE20DC01C690
                Function 06FF4B9B Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cb6dc1a15bb007e53c0a2fd9a97e8812959489a4ed6ee21e8ae52d9034d6147b
                • Instruction ID: 7cafcec71f404b0d0613c8462dc3c58636f4cba4938daea7e84c8948fb1ad172
                • Opcode Fuzzy Hash: cb6dc1a15bb007e53c0a2fd9a97e8812959489a4ed6ee21e8ae52d9034d6147b
                • Instruction Fuzzy Hash: D3018F75E183198FE718CF65C9153EABBB6BF8A300F0084A6C108A7362DB744A85CF81
                Function 06FFC8D3 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1f5ec4b6f366563453f89543b3576f9a3c9942139ee0d1f111a1b228376e36b5
                • Instruction ID: fc6ca883dcc94d93848eae7c4163fa2271fa0891cbccdac138e2be7151008c5e
                • Opcode Fuzzy Hash: 1f5ec4b6f366563453f89543b3576f9a3c9942139ee0d1f111a1b228376e36b5
                • Instruction Fuzzy Hash: 95F0D171D1D22CDFE764CF69D1419FEBBB8AF4A304B0091A4C1486B225DB309A45DB80
                Function 06FF6294 Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52bba2c340f026dd01ef21a72c7c1257e2b746251a5ba323ae540052da5746cc
                • Instruction ID: 09c6a9ac4ca8d4f6e01c4b950a0c7cf1cabfe0461304e0ecf50b13089bef5e78
                • Opcode Fuzzy Hash: 52bba2c340f026dd01ef21a72c7c1257e2b746251a5ba323ae540052da5746cc
                • Instruction Fuzzy Hash: DCF0F031B29380AFDB43EBB88C554697FB8DF0B20071048EBE505C7262E93A8D05C322
                Function 06FF83C3 Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e96093bdc0bc9d0e7a433ec9fa6eefabdfbc407faf98b4a4d0ee9f6418418bf6
                • Instruction ID: fd60d340d34ed1ee4f59f22d1b3a1d95b7ecc592dacabfd15481e99842abe426
                • Opcode Fuzzy Hash: e96093bdc0bc9d0e7a433ec9fa6eefabdfbc407faf98b4a4d0ee9f6418418bf6
                • Instruction Fuzzy Hash: B3012831A68640CFE799CB14C955F693B76BF41780F5980AAE3278F6B2C721D801CA45
                Function 06E3FEB9 Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b8946a499e978ff2e77dd14a7124b52d8529cc327677e20c87d368465d0afbb
                • Instruction ID: e185198f2de0a12aa3179ac84384b0ab20b036d921144160827ce239319eee78
                • Opcode Fuzzy Hash: 4b8946a499e978ff2e77dd14a7124b52d8529cc327677e20c87d368465d0afbb
                • Instruction Fuzzy Hash: E2F02831E003599BE3447A64D4156EF76FA9B84610F50042DDD42AB340CE755D01CBD5
                Function 06E30948 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7773da54aee838247707fee63492796267df6e1cffd2021f8092a3a6a41f6444
                • Instruction ID: 7a50eaef786a9f8f54bd4637f9ca8f054598ca7077442d628ad3657b2cf835e2
                • Opcode Fuzzy Hash: 7773da54aee838247707fee63492796267df6e1cffd2021f8092a3a6a41f6444
                • Instruction Fuzzy Hash: 90016931610310CFEB54DA2AD848E26B3AAEFC5224B24D5ADD549CB625DB71EC02CB91
                Function 06FFDEC7 Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 425d699c8e97320b5374d6a9b62c22064fc41e123589e49f4b42834123184139
                • Instruction ID: 284c1d43580f9d0eac62e70189be3dabaaf566c4ee35a996d3b633cb5ee59b8f
                • Opcode Fuzzy Hash: 425d699c8e97320b5374d6a9b62c22064fc41e123589e49f4b42834123184139
                • Instruction Fuzzy Hash: F21148B4A60318DFDB109B24EA497AAB7BAFF85205F0092D5D58996714DB342EC1CF42
                Function 06FF3D78 Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2ed1bcdc2d64d831f27cc5af3e77a39505509d438f94cb615cedd97b7bbece37
                • Instruction ID: 39de8d46ac5ca0938e2dded6c32462fda72597ecdcaec96466ce8db188dee31a
                • Opcode Fuzzy Hash: 2ed1bcdc2d64d831f27cc5af3e77a39505509d438f94cb615cedd97b7bbece37
                • Instruction Fuzzy Hash: DA01813392420DEFEB84AFA5D8049AC7BB6EF44341B0091AAE74397368DB3059448FD2
                Function 06E3C1D0 Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7cd478d7320373ce2fa39c94f50c6b94a78a42af253cf17239160a244cb22e4d
                • Instruction ID: 7e5193978f00aaf36e831a3680b5ed0990e87f5b7b2e748d63e3ce365a01784a
                • Opcode Fuzzy Hash: 7cd478d7320373ce2fa39c94f50c6b94a78a42af253cf17239160a244cb22e4d
                • Instruction Fuzzy Hash: E0F09671B00228DB8F95E7A95D545BEBBBEEFC8610B000029D726A7380EA314A01CBD6
                Function 06E36967 Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9fc40608c51cb5a6b222568744ae8d0cac31ffcc3c43597baed0658a29833e12
                • Instruction ID: 7d50349acc106ac359c0839776d6f76b2aba22903d4fa39048dd93c6bbb42ddf
                • Opcode Fuzzy Hash: 9fc40608c51cb5a6b222568744ae8d0cac31ffcc3c43597baed0658a29833e12
                • Instruction Fuzzy Hash: 07014074E0425ACFD784EF64C8589AEFBB1BF48304F10859AD815E7355D7749902CF91
                Function 06E36978 Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c9cedf1d595cbb33353ddf4a2367764dce4be99546388530cd2f654a903e477e
                • Instruction ID: a9975dc35feacd0f98758f40d2ff7b0b6047056d63857ced56bde31f1fe6a183
                • Opcode Fuzzy Hash: c9cedf1d595cbb33353ddf4a2367764dce4be99546388530cd2f654a903e477e
                • Instruction Fuzzy Hash: 3A010C74E0021ADFCB40EFA8D4549AEBBB1FF48304F10816AD919E7351DB74A902CF91
                Function 06FFC8D8 Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1dc35ee44b418771afee3b49b76a78d4536d0b99aa16b1627852b7b09f967d24
                • Instruction ID: f208be920f5bbfd3fb92580a4aaf35fb837f3f242dcdefbad219eeef424eb04e
                • Opcode Fuzzy Hash: 1dc35ee44b418771afee3b49b76a78d4536d0b99aa16b1627852b7b09f967d24
                • Instruction Fuzzy Hash: E0F0AF71D1C22CDFE754CF69D5459BEBBB8AF8A304F00A1A8C1486B225DB309A44DB80
                Function 06E3BF80 Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 24ac42f70c54324aa5f3312f1d509bcc9cf451c327909df1b741754f05a43795
                • Instruction ID: 7b53a0192a0489f1be15b2385b7e8e35f0033c2dfb3fb560479a2a7fa046e15b
                • Opcode Fuzzy Hash: 24ac42f70c54324aa5f3312f1d509bcc9cf451c327909df1b741754f05a43795
                • Instruction Fuzzy Hash: 45F0377211A384AFCB878B60CD55CC13F75EB0730571A86DAE0958F273D2329A1ADB22
                Function 06FF4BA8 Relevance: .0, Instructions: 38COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 73c4cfedacf730f1c2ad9af30f00215adeb5ceec91b67445e976052ce46b7b98
                • Instruction ID: 389114870b02792dcd276c0dd04fd5f74de94d191b47d6dfeb84a472339a365a
                • Opcode Fuzzy Hash: 73c4cfedacf730f1c2ad9af30f00215adeb5ceec91b67445e976052ce46b7b98
                • Instruction Fuzzy Hash: 6801FB75E143188FE758CF66C8047ABBBBABF8A300F4090A9D51967361DB745945CE81
                Function 06E3F4EC Relevance: .0, Instructions: 38COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9492356d86c653b775125787a77cd5314a0903870d34bebe473a62e6ba1e2977
                • Instruction ID: 156612eb5d0b8522fb990435e87cf0d5134926ff0f8f9a7c04d34eb028baa538
                • Opcode Fuzzy Hash: 9492356d86c653b775125787a77cd5314a0903870d34bebe473a62e6ba1e2977
                • Instruction Fuzzy Hash: 3CF08B32E003699BE3447B68E4142AE76B6DFC5700F50082ED802AB380CEB15D04CBDA
                Function 00CCD758 Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2160058570.0000000000CCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CCD000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_ccd000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ca2c5e70220c03bf9fea8fc588e2c7d5e859e8e43462b57d43c1204e00f092aa
                • Instruction ID: 0568b087816b3e991a2075bb41f4b8a4964ddfe40bff6f0793a6747895dbff40
                • Opcode Fuzzy Hash: ca2c5e70220c03bf9fea8fc588e2c7d5e859e8e43462b57d43c1204e00f092aa
                • Instruction Fuzzy Hash: 09F0C271405344AEE7108E06DD84B62FBA8EF90724F18C45AED594A286C3799C40CBB1
                Function 06FF774B Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fe04f3cfe486c4f1dc711e64c4ef1e0e74ff9b20fa334ff898c2ac49e781b6c1
                • Instruction ID: bf33532ae36661b51d00749b3a21b630e29075d2490a636703ed25d49a68eaf5
                • Opcode Fuzzy Hash: fe04f3cfe486c4f1dc711e64c4ef1e0e74ff9b20fa334ff898c2ac49e781b6c1
                • Instruction Fuzzy Hash: EAF08272A142056FDF85DFA4DC4199ABFBAEF05214B1481ABE104D7265E7319E118750
                Function 06FFE0D5 Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 84260ddbbda3604101741e0e7617c64e4f4198237681751f3a054416eaf4392b
                • Instruction ID: 3065570748b72f81f108198aec901057efd26e8ac967f575d9aa65da83836e03
                • Opcode Fuzzy Hash: 84260ddbbda3604101741e0e7617c64e4f4198237681751f3a054416eaf4392b
                • Instruction Fuzzy Hash: 9001A270D25395CFCB10DFA8D64969DBBB5FF44301B00D16AC4969B71ADA386951CF80
                Function 06E36ED8 Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 96dd7afd4ce2b14473b5364c3d991936efe8127b942c0bb5e0cc173606fe42bc
                • Instruction ID: 2ef76dea91e6fb68fba256ea4626758bad42230d382416f806bd3e7c812c1644
                • Opcode Fuzzy Hash: 96dd7afd4ce2b14473b5364c3d991936efe8127b942c0bb5e0cc173606fe42bc
                • Instruction Fuzzy Hash: 7501D231A01218EFDF15CFA4C959BEDBBB2BB48305F248054EA017A2A1CB725990DF64
                Function 06FFE4E4 Relevance: .0, Instructions: 32COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f1313792149cfa0689792ed49b9ae1cab234150e4f83900182a7f1243f4c425
                • Instruction ID: f6e60fb01b7ffaf24e3a0148f1844f71606e1bf4cc999030154d1b505fa0396f
                • Opcode Fuzzy Hash: 7f1313792149cfa0689792ed49b9ae1cab234150e4f83900182a7f1243f4c425
                • Instruction Fuzzy Hash: 26F08CB0E60308CFDB00DFA8D6498DDBBB9FF48300B10A525D4559B754DA702991CF80
                Function 06FFDF67 Relevance: .0, Instructions: 32COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c3cf636f522a2ddbbae0a4ca4e337161ab1bc179dd50ce41dd57747086aeaa32
                • Instruction ID: 73174c6d84d940fac5cb3fbe12d4709a00dc8e5959d11c3737a2c7b9b7bcf9da
                • Opcode Fuzzy Hash: c3cf636f522a2ddbbae0a4ca4e337161ab1bc179dd50ce41dd57747086aeaa32
                • Instruction Fuzzy Hash: B5017870910216CFEB50DB68EE49B987BB5FB44209F0063D6E10DA72A9DB301E80CF94
                Function 06E381A0 Relevance: .0, Instructions: 32COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e9f8c0c509ca911f12ac6f72f150a142c3af20aa8ebfee3bfd46dfbaf848e14e
                • Instruction ID: 6acff05a8326d408810b24947597a5beb6a32677f0f0f5210f825d778efd2684
                • Opcode Fuzzy Hash: e9f8c0c509ca911f12ac6f72f150a142c3af20aa8ebfee3bfd46dfbaf848e14e
                • Instruction Fuzzy Hash: 4AF0BE76605251CFC716EB78D8449AD3BAABFD63447654AAAE140CF225DA748C01CBA0
                Function 06E37FC0 Relevance: .0, Instructions: 32COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c01a98f3c4bd6a502947df84fec986d1f079e71743ad91e6d2b3659a11169998
                • Instruction ID: 5f142e453f690090a6af0c3f0c43225b07e20cb838c20cfc5a037db454c8f384
                • Opcode Fuzzy Hash: c01a98f3c4bd6a502947df84fec986d1f079e71743ad91e6d2b3659a11169998
                • Instruction Fuzzy Hash: 9DF0F234E1124AEFDB58EFA8E56999C7BB5EB84300B1040ADE406EB255EF702A449F45
                Function 06E309C1 Relevance: .0, Instructions: 32COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4201192c794295a7343860f0177d290932584dc31ba74da094c67cb692c53670
                • Instruction ID: 6287858da3869d5254b239f4b2913f95295b52bffeee97d84320e8f7ddd0f830
                • Opcode Fuzzy Hash: 4201192c794295a7343860f0177d290932584dc31ba74da094c67cb692c53670
                • Instruction Fuzzy Hash: 68E02B35B043604BD7D9462558187BA37956FC1212F08505AD04BC3250CB209C03C3A2
                Function 06FFF2C8 Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ff0bdb10dbb9883f4d2df1acb8f8c7306f541e64c48a0dae666cb4e2546f31a7
                • Instruction ID: 72916e206c4f2ce1325cf1d654697a26ab908a8a1564102ea7a502f4c7747281
                • Opcode Fuzzy Hash: ff0bdb10dbb9883f4d2df1acb8f8c7306f541e64c48a0dae666cb4e2546f31a7
                • Instruction Fuzzy Hash: 78F062B4E14349EFCB22DFB4E5056ADBBB0EB89311F10C0AAE844DA350D7344A16EF41
                Function 06E3BFEE Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e7b6bd35c1984c2dae929dd00eeeb1028fca117d0c224c99bf3b48d434e64d5f
                • Instruction ID: 80492a7d669248371e0f43d6315a0de2ae994c6179ff2c1e8b070362c587a42f
                • Opcode Fuzzy Hash: e7b6bd35c1984c2dae929dd00eeeb1028fca117d0c224c99bf3b48d434e64d5f
                • Instruction Fuzzy Hash: 97F0E53AA002289BCF448BD4D8049DDBBB9AF48615F004126E618E7220E7318424CF80
                Function 06E3794E Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 973a6578caede485cbb6650ea842198041b27d884027913605f3342a396df726
                • Instruction ID: c4e8880341e39e2b58081b86f70635eb2d29270db56fc1b7b0fb80c3e865198c
                • Opcode Fuzzy Hash: 973a6578caede485cbb6650ea842198041b27d884027913605f3342a396df726
                • Instruction Fuzzy Hash: 06F01DB5A10269CFDF80DE69E44DBE833F4EB0431AF012169D0159B190C7388985CB64
                Function 06FFE29C Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a6c3ea1cc380c855eca96696193d87f219f9a31d0acff2a4664f9a040d272054
                • Instruction ID: bdf10b34072a59b806dd7d4c9d786fa7eca3ef70b503e8b4949037b83dc1b454
                • Opcode Fuzzy Hash: a6c3ea1cc380c855eca96696193d87f219f9a31d0acff2a4664f9a040d272054
                • Instruction Fuzzy Hash: 0FF0AF70914306CFE740EF98E289A997BB9FF44304F04A185D049DB635DB309D84CF95
                Function 06FF7EF8 Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 86eba323715bd5cc03dacdef185242fa67b64ebf58b480c3b1976090d72f0f55
                • Instruction ID: cfdc749539df1253e9b8c1f206ad27b6128ea50fa6e9c1540776ae6c3cf17354
                • Opcode Fuzzy Hash: 86eba323715bd5cc03dacdef185242fa67b64ebf58b480c3b1976090d72f0f55
                • Instruction Fuzzy Hash: 6DF0A9B191428A8FCB50CF68C4406AABFF0AF09320F104589EA50DB2A1C3388542CB80
                Function 06FF7F08 Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 22b1554d36708a71e3b7c3b8f4ee0d3b1f221a2f8ace58e3f528d5340de17dba
                • Instruction ID: 04613de1d28ca54035d1bdbc29030d20269f3d4f575c5dbe429f7f06a00394f6
                • Opcode Fuzzy Hash: 22b1554d36708a71e3b7c3b8f4ee0d3b1f221a2f8ace58e3f528d5340de17dba
                • Instruction Fuzzy Hash: 6BF0DAB4E1420A9FDB84EFA9D841AAEFBF4EF48210F1045A9E918E7350D7749645CBD0
                Function 06E3F4CC Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8b98a51067d72c105c4de0163d01fa5871ee70619016ff4ab13e2fc658ed8ce7
                • Instruction ID: 2485fb830222db6d37ea80867ed30ed256bad75dd99b6c9bfd074e8263ef36d7
                • Opcode Fuzzy Hash: 8b98a51067d72c105c4de0163d01fa5871ee70619016ff4ab13e2fc658ed8ce7
                • Instruction Fuzzy Hash: 76F0E530A09311CFD36A9B3888648263BE5EF46300314C8BED19ACB262C635EC45CB45
                Function 06E381B0 Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 906dc4161c4789d8969fe403d5864fa4449cc6b149ab6c7a375e08327a427d8e
                • Instruction ID: 344b89014ef99beafffbd9c4f47c21b1ad05409a5884ba01867674d48def994b
                • Opcode Fuzzy Hash: 906dc4161c4789d8969fe403d5864fa4449cc6b149ab6c7a375e08327a427d8e
                • Instruction Fuzzy Hash: AAF0393631121ADFC715AF29D844CAE7BAAFFDA35476046A9F6048F224DB719C01CFA0
                Function 06E3A8AD Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8107d2141c2e8f3aaaa10151138c72a21b08c7d8f66cbcb340232f4c1aef4451
                • Instruction ID: 4f7898217f17f660cd1970e64e498465e4c2e6cc4d1c10a8196daebfaff7e2fb
                • Opcode Fuzzy Hash: 8107d2141c2e8f3aaaa10151138c72a21b08c7d8f66cbcb340232f4c1aef4451
                • Instruction Fuzzy Hash: 74F09070A0031A8FEB98AF79D4193AD7AB2AF84704F00943CD001A7280DFB48480CF91
                Function 06E3986F Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e83639f47d98048bdb8d0008506957695054af018c7ef8361975c581b1f1a532
                • Instruction ID: 911dfeeb5ea850ec47790f73750dccb70912c5edecfa8127a0f0f1f644d70adc
                • Opcode Fuzzy Hash: e83639f47d98048bdb8d0008506957695054af018c7ef8361975c581b1f1a532
                • Instruction Fuzzy Hash: 9CF05532E003918FCBA2CF32E884588B768EFD1315B1A84FBD2448B552D771D852C380
                Function 06FFE1E1 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8fc9c6bdbd82b7592a1908e151d6a7cbd94049327374250ebef298fabc300412
                • Instruction ID: f0ba36ca2a3dff7e68c20c6c4b43e793ee9a20f272ade51694148fa4e4173508
                • Opcode Fuzzy Hash: 8fc9c6bdbd82b7592a1908e151d6a7cbd94049327374250ebef298fabc300412
                • Instruction Fuzzy Hash: D7F09A74E15318CFEB90DB14EA49BA87BBAFB89204F0091D9D00AA3224DB301E85CF42
                Function 06FF3D1A Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b14a4d20ae5daa83a1168e491524991f70c9e28725973827f32e9042ff11e9e6
                • Instruction ID: fc89e35136c92dbe8e2861bb208a12d548bddd3124187c123fcc7b4c49597b95
                • Opcode Fuzzy Hash: b14a4d20ae5daa83a1168e491524991f70c9e28725973827f32e9042ff11e9e6
                • Instruction Fuzzy Hash: AEE06D3323809CDFA3C8ABA9A04882D77BAAF4861431044A1F20BCF234DE70DC00C7D0
                Function 06FFBA38 Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 10e3bb5f99346a6d6fe7201c502d54cb6d3c730dbf86d953867f8ed01f6c017e
                • Instruction ID: b6ad5edca0ab749059f560852cadbd8dc2088d6c9756ffc92996cfe16325a0b7
                • Opcode Fuzzy Hash: 10e3bb5f99346a6d6fe7201c502d54cb6d3c730dbf86d953867f8ed01f6c017e
                • Instruction Fuzzy Hash: 61F08C31C04308EFCF16DFA0E90599D7F72FF1A310F5081A9E90416260D736A9A5EFA1
                Function 06E3C6F0 Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bf5e5941689453c0c6eb168e19b1933260c49e8291d154fbd04b8c55730d3392
                • Instruction ID: 35a3bc9c91e2a7a60016495db87617abe3d6ef5ff34b55c3e417f0330382a133
                • Opcode Fuzzy Hash: bf5e5941689453c0c6eb168e19b1933260c49e8291d154fbd04b8c55730d3392
                • Instruction Fuzzy Hash: B8E04F72B002286B9784EAB99C485AFBAEECF84550F509079D509E7240FA709D418390
                Function 06E30CA0 Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                • Instruction ID: f792cc808fd979ae68ae1a3afe7a61f816fd96d9cc5f3348b376513aaef9ac84
                • Opcode Fuzzy Hash: ab9667396a62f5ec7388eac8ad916d32927dae2263cf5ad9d22d4e997f3e3306
                • Instruction Fuzzy Hash: B4E0E5353605148FC754DB2ED848D55B7E9EF89A2531640BAF209CB372DA71EC01CB90
                Function 06E31C61 Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 10838efd08f37dd49fcf5b06fb3ea393c5f09f3476e7f1fe4586869375ac98d4
                • Instruction ID: efac96a27bbc4a18baca7b505c76e1867186a69ad2a95df2c62255a22fca2452
                • Opcode Fuzzy Hash: 10838efd08f37dd49fcf5b06fb3ea393c5f09f3476e7f1fe4586869375ac98d4
                • Instruction Fuzzy Hash: 42D017D3C4E3C01EEB8752206C211A83F20695330031F51D7E481CA663E0150A2ADB63
                Function 06FF3D20 Relevance: .0, Instructions: 26COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 096ac7a978205587d4f390e49d8cdb50dfd04c635baf22feed062344c835b1f6
                • Instruction ID: 8aa06a4b357be2615f630a45de6f0d83e60ba669736e663045179440881c1c4d
                • Opcode Fuzzy Hash: 096ac7a978205587d4f390e49d8cdb50dfd04c635baf22feed062344c835b1f6
                • Instruction Fuzzy Hash: C6E0123763845CDFA3C49B69A408929B7FAAF4965531054A5F60BCB374DE709C0187D4
                Function 06FF3A01 Relevance: .0, Instructions: 26COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4983887b4edeff2314585bc24ce6f78437cf7515c85b20abebf30bf32a57bcfe
                • Instruction ID: c05b92b515b1005a2fe249dea6614a7add9a6bcb62abde1f5266e1b3cee34ce1
                • Opcode Fuzzy Hash: 4983887b4edeff2314585bc24ce6f78437cf7515c85b20abebf30bf32a57bcfe
                • Instruction Fuzzy Hash: 3EE02677D2122BDBE75C4BA0C5591DD7BBDEB48350F000429E603F3350DB32080682E2
                Function 06E309D0 Relevance: .0, Instructions: 26COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 575fb11b8c317fa386b823ad373b11808427682b985f567b5bcc0fcf77330132
                • Instruction ID: f7df1ae3cc0534f6291278d38606324e0341f7888f92ad1b5fb8a2032564c151
                • Opcode Fuzzy Hash: 575fb11b8c317fa386b823ad373b11808427682b985f567b5bcc0fcf77330132
                • Instruction Fuzzy Hash: ACE0863570432987EBA85A6BA818B7B76DAAFC4626F04907DD40BC3240DF60EC01D791
                Function 06FF7EA1 Relevance: .0, Instructions: 25COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dace790ce2095a8a2cb42f820c51c8900ca359809ba0291c472418fbbbc42157
                • Instruction ID: b9e3985b28e2135f4da1e7c93fa9185ccfdc3ac5517e92c7c9d63de3ea965609
                • Opcode Fuzzy Hash: dace790ce2095a8a2cb42f820c51c8900ca359809ba0291c472418fbbbc42157
                • Instruction Fuzzy Hash: 91E092B29801099FC710DFACE5857DABFF1AF18224F64899AD064DB661D77489834B80
                Function 06E38158 Relevance: .0, Instructions: 25COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1b37e190ff2bf8ed3f3ce04d78cc0f5b93e4116665f890b7945f35adf2669c67
                • Instruction ID: 00290783e9fbb8bfa2481ead822f48d6b28014e7fef7b662d5c66991cbe48886
                • Opcode Fuzzy Hash: 1b37e190ff2bf8ed3f3ce04d78cc0f5b93e4116665f890b7945f35adf2669c67
                • Instruction Fuzzy Hash: 8DF06531D0424DAFCB25CBE0C9448CDBF79EB06214F1043DAE826A6292DA351B17DF51
                Function 06FFBEA6 Relevance: .0, Instructions: 24COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f5be81a65c43e93469ab200a8a2d710386b6c90d8866a0d8722febfacf459ff3
                • Instruction ID: 681f9d218992e3faf8e8de9ec414240f8c0b9884c9f485579c1bbdf5e8e8e477
                • Opcode Fuzzy Hash: f5be81a65c43e93469ab200a8a2d710386b6c90d8866a0d8722febfacf459ff3
                • Instruction Fuzzy Hash: C9F0A031418328CFC3A49B20D199868333AFF0A31AB1006D9D11F572B6CB36D989CF40
                Function 06E3FA70 Relevance: .0, Instructions: 24COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 752e87e3cdfbca852600d555d6959498697f96ccc2ee259aa29cf653575d1341
                • Instruction ID: c081a880941cfcc24429ea57e93d9c3299f1c821b988cba61cc03e68b4cbeaac
                • Opcode Fuzzy Hash: 752e87e3cdfbca852600d555d6959498697f96ccc2ee259aa29cf653575d1341
                • Instruction Fuzzy Hash: D2E0DF71E063108FC39AAB70E6108913BB2AE81306325C6EEC069CF376C636DC46CB40
                Function 06FFF2D8 Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4e03517dc3d7c302b180abec7cc0201318e6f8eb218e8a15a971611d6490269e
                • Instruction ID: f3f56fe2948fbdc2d5ff8063ebf2c69f0eab94de1b6a43213eb5a3febf88ae71
                • Opcode Fuzzy Hash: 4e03517dc3d7c302b180abec7cc0201318e6f8eb218e8a15a971611d6490269e
                • Instruction Fuzzy Hash: 57F039B4E1020CEBCB64EFA8D50569DBBB5EB88301F00C0AAE81493350DA345A55EF41
                Function 06E3C69E Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b6f6a3304d4f4381045b6724db992d8af0257810feef26ce8806ea29792d4a50
                • Instruction ID: 2543fe4b727a6449c8e344ddede02991d085f2bb412790fe97a9e5e8c7a7d2c9
                • Opcode Fuzzy Hash: b6f6a3304d4f4381045b6724db992d8af0257810feef26ce8806ea29792d4a50
                • Instruction Fuzzy Hash: 0DE09A75D6032CDACB009F80E5087FDBB70EB45E0AF306422D012B1550C7318950CE90
                Function 06E39E6A Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0180142bf99b44feef8fafaf447944af5464604cb1656a68d523a57d1d826aaf
                • Instruction ID: b9305c9388837c3cfd9dbb1c85bd9be661675ba2d6ede82cc7401500e25dcea6
                • Opcode Fuzzy Hash: 0180142bf99b44feef8fafaf447944af5464604cb1656a68d523a57d1d826aaf
                • Instruction Fuzzy Hash: 0DE04F3770031497875A9AA4D9148A9736BBFD8261318846EE959AB314DBB6C80BD740
                Function 06E39E70 Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 98997fcaefc06627ea44541d87214e4b664af8b8d3680ccfcdcc5672ed55cf55
                • Instruction ID: 00d138da208d0c7cbc9802d63cc6d7b02c510553324c63afda5d8ec6a843e689
                • Opcode Fuzzy Hash: 98997fcaefc06627ea44541d87214e4b664af8b8d3680ccfcdcc5672ed55cf55
                • Instruction Fuzzy Hash: EEE08632700314978765AF65D81486A77AFFFC9261314847EE91557310CFB6DC0AD750
                Function 06E3EAA0 Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 035f40b66add6198b8849e5456ceead0e3b5a3a913e251a81d47486beab9a848
                • Instruction ID: a3707785945225521ecb67b6062dcdc4b943d183d91e64fd5080d2f048da3436
                • Opcode Fuzzy Hash: 035f40b66add6198b8849e5456ceead0e3b5a3a913e251a81d47486beab9a848
                • Instruction Fuzzy Hash: 5CE0CD73B052700FDBC967345D5456A3B655F81D5030A41ABD005CF371CD21CC06C381
                Function 06E3DE58 Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 930a8aaa0ad83f79ee7718a2d2f7d08e6c5134f39df72ab768d24435b5c8abe4
                • Instruction ID: 4ec68638d0df55fbf1efb29bd6c960f60511b8b376d39edc77205d2e5f3583c5
                • Opcode Fuzzy Hash: 930a8aaa0ad83f79ee7718a2d2f7d08e6c5134f39df72ab768d24435b5c8abe4
                • Instruction Fuzzy Hash: 49D05E57B09B7107CADB32685C292FD1B4A8FA2C1474926ABD43ADB2D1CD094F13C3DA
                Function 06FFBBD0 Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bdae4c3e0a003f8abf25b4e36c2f9169c0824b13b068d2ee1217c03637a77bff
                • Instruction ID: 3fb36b043a83ba5d40bb4590483e05c8eaff4c5735a965a8a75ad42de36002df
                • Opcode Fuzzy Hash: bdae4c3e0a003f8abf25b4e36c2f9169c0824b13b068d2ee1217c03637a77bff
                • Instruction Fuzzy Hash: FEF06C78A192288FDBA0CB24D995BA9BBB5BF19305F1050D5E989A7251DB749E80CF00
                Function 06E3FA20 Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 284ba1abec5602c0aaf232d4e9372b406fb3ddde69fe154f8741f9c1a9ffa0c9
                • Instruction ID: 8b2f0ad365c819213aaa511d1cde76c45cb12eb47e7d1525de9fa05a4a89221f
                • Opcode Fuzzy Hash: 284ba1abec5602c0aaf232d4e9372b406fb3ddde69fe154f8741f9c1a9ffa0c9
                • Instruction Fuzzy Hash: FDE08039D06764DFC751F738E45416837959B43620B00B0B5D549CB269DA68CC45CF81
                Function 06FF3A10 Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 05437d75d37717dd9664637c39f0391cd999982357ffb0ed9ffa75a0dd04bf60
                • Instruction ID: b4452c70797074a541c258c4598d0af2cdca2bd08f65ca24d2e105f4840a7ce5
                • Opcode Fuzzy Hash: 05437d75d37717dd9664637c39f0391cd999982357ffb0ed9ffa75a0dd04bf60
                • Instruction Fuzzy Hash: F4E01236D2526DEBEB585BA6D41849ABEFD9B8D350F000469EA02B7350DE711C0446E6
                Function 06FFBB4D Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f6cad97e448f8a20d766d24408a3c5180f40f7019dd68c29cce3c2f536f9acff
                • Instruction ID: 65fb83feddaad328b779cf8210e1d509e842a83137f3e6ec46a19ed07af4940d
                • Opcode Fuzzy Hash: f6cad97e448f8a20d766d24408a3c5180f40f7019dd68c29cce3c2f536f9acff
                • Instruction Fuzzy Hash: 2EE01235115324CFC3559F60D559969377AFF4A20AB4150D9D00E5B361CB35ED89CF10
                Function 06E37912 Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 36a55dba3e970a55ad26c94d26253079747d7b895354b30fce10984c1601abbd
                • Instruction ID: cbd9af642371da8701e3e12ea02e2a8ea7f642b4e3898f66103b63f2f8ad682a
                • Opcode Fuzzy Hash: 36a55dba3e970a55ad26c94d26253079747d7b895354b30fce10984c1601abbd
                • Instruction Fuzzy Hash: 98E04F356101A5CFCF80DF69E848BEC73F5FB4432AF0150A8E019DB1A0CB349985CB10
                Function 06FF693C Relevance: .0, Instructions: 19COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1a1cddff5e839044512c49cedefac546d369fcd595624d88d777efc9fe1a924d
                • Instruction ID: 762ca32807ea2870113373f6a63093dce43601398363331832081097b4781dc3
                • Opcode Fuzzy Hash: 1a1cddff5e839044512c49cedefac546d369fcd595624d88d777efc9fe1a924d
                • Instruction Fuzzy Hash: B8E046B3C0012A8BCB10AFB4D9051AEFB75EF18622B404122E920A7104D3310621CBC0
                Function 06E38168 Relevance: .0, Instructions: 19COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 841a095f75603da989620c183eaad8887e155ec63059326a0faebfcd3fcdcd5d
                • Instruction ID: 5a3a54a82d6ad8069a9532fef498737574121f97e4342de182351fe8b199cfac
                • Opcode Fuzzy Hash: 841a095f75603da989620c183eaad8887e155ec63059326a0faebfcd3fcdcd5d
                • Instruction Fuzzy Hash: 62E07E75D0020CEFCB54DFA4D9499DDBBB9EB48200F1082AAA819A2200EA306B159F80
                Function 06FF7EB0 Relevance: .0, Instructions: 18COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 23b2f54bcb28e95ebc4683c60cfe427f78802a69d69b153832ef854cd05b16f5
                • Instruction ID: 85260a512c132750c56b0c3c14a819f8d13ce82d5fe5e8896e5c0b1469d0765b
                • Opcode Fuzzy Hash: 23b2f54bcb28e95ebc4683c60cfe427f78802a69d69b153832ef854cd05b16f5
                • Instruction Fuzzy Hash: 27E0BFB1D50209DFD780EF79D505A9EFBF1BF08200F1189AAD115E7221E7B49A048F91
                Function 06E3EAB0 Relevance: .0, Instructions: 18COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f657c65d44e5e8ec40196b930de767eeda29a9681ac7eda768f9368b06d891b4
                • Instruction ID: 396f4095e18c257e54cf1c5adb4451464176cc7e14f02d08d064ad6cb05e31a2
                • Opcode Fuzzy Hash: f657c65d44e5e8ec40196b930de767eeda29a9681ac7eda768f9368b06d891b4
                • Instruction Fuzzy Hash: 84D0A7303142340B8B48B63EA85482A77DDAF84924304507AE406CB361CD50DC00C3C0
                Function 06FFA725 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 817178ad2a423bb2079529f2ab22f91ca4e465aed293e799ccb04e72aa352811
                • Instruction ID: 3f88e514fe7d8bb5b7d21e78151c3f919c37e4beb38701d1fc553c18464bf844
                • Opcode Fuzzy Hash: 817178ad2a423bb2079529f2ab22f91ca4e465aed293e799ccb04e72aa352811
                • Instruction Fuzzy Hash: D5E04F70914358DFDB20DBA0C851BDFBBB2BF49300F0041E9D10967651DB305A55CF42
                Function 06FFA360 Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 03bada734f8f47a2a71fd2e9b8a6a3ec79009c8a3c97d3a4072be9b50731548c
                • Instruction ID: f480e276011a899979772de13001afc1087470c15d463ad9105e90d96796b070
                • Opcode Fuzzy Hash: 03bada734f8f47a2a71fd2e9b8a6a3ec79009c8a3c97d3a4072be9b50731548c
                • Instruction Fuzzy Hash: A2D05E36949219CFEB10DF18F844BE8BB75FB86218F0191D6D54D93222D7301E59CF52
                Function 06FF6948 Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                • Instruction ID: eb3ca4896737b56c95c70c888170a960eca83e37b1b1d05cfcb785ebe8ae2e8b
                • Opcode Fuzzy Hash: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                • Instruction Fuzzy Hash: 92D05272C0023CAB8B20AFE99C084EFFF79EF08A50F418122EA14AB104D7710A20CBC0
                Function 06E3A788 Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fb015fb5a60f2c5e1bb7d8e2acbd198fde387082498b0940ac66f1a80f7e2303
                • Instruction ID: 4ed7f8c31f645c18a3696cd87cd426f46aa1ec29cd5548387c86fd32c8f3c22c
                • Opcode Fuzzy Hash: fb015fb5a60f2c5e1bb7d8e2acbd198fde387082498b0940ac66f1a80f7e2303
                • Instruction Fuzzy Hash: A1D05EB545A7864FCB83EB60A9948883F24A943228B0411DAD080CB6B7D6A0458A8F41
                Function 06FFC73E Relevance: .0, Instructions: 15COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e7b2ea897457a008ed0fa3cfd2b53c4917bb59e7cd1b22f964f9495ab1a69fbc
                • Instruction ID: c3e751471721cbead4d7acee38598b3303d54379c4d803d940a17d2163e3d010
                • Opcode Fuzzy Hash: e7b2ea897457a008ed0fa3cfd2b53c4917bb59e7cd1b22f964f9495ab1a69fbc
                • Instruction Fuzzy Hash: 70E0C2714043489FD7818B60C14E8BA3F38FF46311B2802C0F5695A193DB39C843CF80
                Function 06FF7FA8 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bfd85cf9f190f18ef555332ff9b8b6df4886d95561849e69787425900ac2614c
                • Instruction ID: a17631d153f5df5df90c7d91e4e9c6ef73cce76b0ee69ed02b4b9288bead8702
                • Opcode Fuzzy Hash: bfd85cf9f190f18ef555332ff9b8b6df4886d95561849e69787425900ac2614c
                • Instruction Fuzzy Hash: 72D0C9361201099A4BC1EB95E840D52B7DDAB186407008422E604CA131E621E424D795
                Function 06FF3CD1 Relevance: .0, Instructions: 13COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e5392d813c8578b87fffff227d6ef7a2c675dbfa128dc0fe4abf6b38865b86e6
                • Instruction ID: ae8650a38989340bc380bc80fb01754055452bdd71c3dcdf68c001a8e9e472e7
                • Opcode Fuzzy Hash: e5392d813c8578b87fffff227d6ef7a2c675dbfa128dc0fe4abf6b38865b86e6
                • Instruction Fuzzy Hash: 19C08C3F42217ADEAF99FBF1568A4687EDAAC043B13200159FB02762318A35104089F2
                Function 06E31D68 Relevance: .0, Instructions: 13COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cddc2fc21e9c8fcf6c9f99433640bc3ddd9dea44d00e5a01bcb4d45ca87f008d
                • Instruction ID: 8dac0d125846718719fecbd701db5d361f5a78e0b98c3fe27e2d39a4cda7366c
                • Opcode Fuzzy Hash: cddc2fc21e9c8fcf6c9f99433640bc3ddd9dea44d00e5a01bcb4d45ca87f008d
                • Instruction Fuzzy Hash: F2D0123111C3898EE78753A4A47A0C07F27B91231436916DBE084CB163D56605078706
                Function 06E318D9 Relevance: .0, Instructions: 13COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fa0243efa8aaae33c307f158c23c8caf2ac1291f33023fbd000eeace45dcdedc
                • Instruction ID: 0bf45dbfb9c98784dcf0a775707539dabba3e067cd4f9b7053c2db2d84b31535
                • Opcode Fuzzy Hash: fa0243efa8aaae33c307f158c23c8caf2ac1291f33023fbd000eeace45dcdedc
                • Instruction Fuzzy Hash: B7D080B78053848ED7435B64DED51953F349C2314431551C3E098CF166D325490D8735
                Function 06E3A920 Relevance: .0, Instructions: 13COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c4d8bdd11175c2ca2b13d087af81c1384162febff1437bead5660012533cc1ef
                • Instruction ID: 91442b765091c1045e1e1de81898f795c1aac0d5fc979ec4ca7d520fde6b202c
                • Opcode Fuzzy Hash: c4d8bdd11175c2ca2b13d087af81c1384162febff1437bead5660012533cc1ef
                • Instruction Fuzzy Hash: 9BE0E27494020ACFD740CF68E099AADBBB0EB08310F218029E412FB260CB719844CF50
                Function 06FFA246 Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 727308df869889079bdf43c436862c7e984c8fd88723cb5ba9d2ad4bbf31e00d
                • Instruction ID: c5346f6899fb2cf0c7af0779175b8b79d6b09e1f1c0355e443b46dfa89b9c308
                • Opcode Fuzzy Hash: 727308df869889079bdf43c436862c7e984c8fd88723cb5ba9d2ad4bbf31e00d
                • Instruction Fuzzy Hash: 68C08C35840A09CBC2342BA1B60F374BB68FB4232BF480021E90C008208B7920A4DE62
                Function 06E3E071 Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0cf9895ea36f1315f39cfd14e2c14cf01744695359fa8b71661141b062ac5fc4
                • Instruction ID: 5fb46f3910e7694d7e09d1e44ed4e5ed025759e253faf915b7db2a48347e7898
                • Opcode Fuzzy Hash: 0cf9895ea36f1315f39cfd14e2c14cf01744695359fa8b71661141b062ac5fc4
                • Instruction Fuzzy Hash: AFC012B3A2E3C18FEB87163098162C43F65582320431E04EBC080CA2A7E92A4A46C322
                Function 06E31D40 Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b23834bf4095a7f97c561cd13654dd1756cfe8faec83bea8019ed5c72138b2aa
                • Instruction ID: b0eea358e35c4cc48be6ecfdc084a24d9ba876e25d1bca18906dcd5ff94c5f01
                • Opcode Fuzzy Hash: b23834bf4095a7f97c561cd13654dd1756cfe8faec83bea8019ed5c72138b2aa
                • Instruction Fuzzy Hash: 9EC0129280C3C40FEB86926048262C06FB12B23304B2A22D3C040CB253E21A860687A3
                Function 06E3CB60 Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b5d9040533a8c0584b8d2c7e618382cd0c207138b9ab67bfaf9486abcfc6b938
                • Instruction ID: 5fc864b32b8035acf2849cac8bc65d136f64bad895cbbcca0d977edcb0c916b0
                • Opcode Fuzzy Hash: b5d9040533a8c0584b8d2c7e618382cd0c207138b9ab67bfaf9486abcfc6b938
                • Instruction Fuzzy Hash: A5B0922272523A13DA48319D6824AEE738E8BC9A60F50007BA61F877858EC69C4102EA
                Function 06E318B0 Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4ddf1129bb07677754a9d57d24d592c924be81fcb95e1f0ec7f516957110e771
                • Instruction ID: d863ba81c1f2a9c92e631ca5b223065b71e3a27e5d1a6e646a3e246eb6f985da
                • Opcode Fuzzy Hash: 4ddf1129bb07677754a9d57d24d592c924be81fcb95e1f0ec7f516957110e771
                • Instruction Fuzzy Hash: 83C08C8BC0C7C88FCF13DA30E8EC1E03FA1867320072940E7C8808A66EE0A81809C783
                Function 06FFA248 Relevance: .0, Instructions: 10COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 708f91dd4d29725b4be7fd1dc70757d54fad4bee6fcc39944e73c29cb8241e5d
                • Instruction ID: ac6e1bd8043968eb8f04f65e73a1a33486ffa3ca74b0e5fd9ad88355cf382df1
                • Opcode Fuzzy Hash: 708f91dd4d29725b4be7fd1dc70757d54fad4bee6fcc39944e73c29cb8241e5d
                • Instruction Fuzzy Hash: F5C08C30800A09CBC2242BA1B60F324B668FB4231BF480010990C000208B7920A4DE22
                Function 06FFE479 Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c379a01cc5a49d880b5c55e9dd13fa199d987458ac40cd32cfd371463c449d4e
                • Instruction ID: 7a35bfe5314eb87537c1bcc87573e0bfc851215783d480350b2c8eba36b9b0c0
                • Opcode Fuzzy Hash: c379a01cc5a49d880b5c55e9dd13fa199d987458ac40cd32cfd371463c449d4e
                • Instruction Fuzzy Hash: EBC012B4531256CFEB50DB64EA14B9876B5FF44219F0027D4D14A93294CA305D81CF40
                Function 06FF0418 Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e01851cbbfcebf724b9982f8817fb5c593b57513226bdb9218a0bb25c9636e5
                • Instruction ID: 2b5ca95015a93ec50f1f519269e177d39e39a1e04cfdb03eeb46f5f5fded07d0
                • Opcode Fuzzy Hash: 5e01851cbbfcebf724b9982f8817fb5c593b57513226bdb9218a0bb25c9636e5
                • Instruction Fuzzy Hash: 6AC09B3A055104EED7C1BB54CD84C157AE5FF55700B40DC95739885070CA36C81CF715
                Function 06FF6358 Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: de2579cc10e69b94d43185af18b43f667fe400f0aee13be950bd3ba5636de24b
                • Instruction ID: 5647d8d07722eb5368a7e7cfea8ce5bb9474b60b533afc42d98172112efc565e
                • Opcode Fuzzy Hash: de2579cc10e69b94d43185af18b43f667fe400f0aee13be950bd3ba5636de24b
                • Instruction Fuzzy Hash: D5C012295081809EEB832720CC269003FA0BE2622434990E2A2E40F0B3880C80289719
                Function 06FF41E8 Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 42671c24ea2efc0340ae82cc3507a83fb284d176c60a8955a883c9b5d2a7c4e5
                • Instruction ID: 32b2fbafde563e4501e19b18fc62ca72ac7cc9b2ebd7444be71ba6dec71442ee
                • Opcode Fuzzy Hash: 42671c24ea2efc0340ae82cc3507a83fb284d176c60a8955a883c9b5d2a7c4e5
                • Instruction Fuzzy Hash: E1B0920F42C20E9876821389600003B35C82C602242400052170B094735802667101D2
                Function 06E317F0 Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: da20624b0a973bc744bb2362cad1bd408ce2016797afcaade8cd96f267a226c6
                • Instruction ID: 7150f405943e204b7733260d5eea638e41a576f9f084682ae869d58db5df09aa
                • Opcode Fuzzy Hash: da20624b0a973bc744bb2362cad1bd408ce2016797afcaade8cd96f267a226c6
                • Instruction Fuzzy Hash: C6C04C6295D3840EEF4766254D1514C3F24594333131987D7D070CA1E3C52845468616
                Function 06E38F91 Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 85f3365f10ad06f6cfdad53b353d964d92b76bcc753611f39730ebe499656fc0
                • Instruction ID: 8ca157754a264d614b9fad8f7a176310f6560f65db38de5d399f2621887d87a0
                • Opcode Fuzzy Hash: 85f3365f10ad06f6cfdad53b353d964d92b76bcc753611f39730ebe499656fc0
                • Instruction Fuzzy Hash: 7EC08C326097C28FCB034B30DC061083FA09F63309B1E48FAD1908E097DA298801C212
                Function 06FF6254 Relevance: .0, Instructions: 8COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d571194054c5023258f7ea6ea36deb300d244b3ddb16255109650ad8193fed51
                • Instruction ID: 85d2b0889b5614349c0cf79d957cc76c5f84d14fda7cb21194100d9e4c509816
                • Opcode Fuzzy Hash: d571194054c5023258f7ea6ea36deb300d244b3ddb16255109650ad8193fed51
                • Instruction Fuzzy Hash: 3DB0123B675101F566C17BB84CC0A3FB421EFB7B00B408C093358D0070C8235424E16F
                Function 06E32C34 Relevance: .0, Instructions: 8COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 652c64cb3935aa1e9a431f638f370f1d5c9c2f8b5ef74a41f50f0e4c64ba1d90
                • Instruction ID: 72939dbf9480588d2475a6e0d8b7ee8f115c480b5479ef4e83cc6770d152b2d2
                • Opcode Fuzzy Hash: 652c64cb3935aa1e9a431f638f370f1d5c9c2f8b5ef74a41f50f0e4c64ba1d90
                • Instruction Fuzzy Hash: B2C09B30211312CBDB045B24819C7753722FB42305F505C6DD145CD545CF374442CA85
                Function 06E32C04 Relevance: .0, Instructions: 8COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 01aaa61be66d5b8f4cf87d18c3970f6f8c1c3a8f4dd57154a51cc3673065dd34
                • Instruction ID: 4010895aca00cee1092355d6e1640d3e99cfafb44cf39fbcdaa212a597b08a35
                • Opcode Fuzzy Hash: 01aaa61be66d5b8f4cf87d18c3970f6f8c1c3a8f4dd57154a51cc3673065dd34
                • Instruction Fuzzy Hash: 90C09230621201CBDB049B24A59C16A3B23FBC2309FA49CACF10A8E109CB379806CA59
                Function 06E32C14 Relevance: .0, Instructions: 8COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0a3e61526bc13c43c03b10c7c5e3fae4552210c6af1cc25434b2781204ae7925
                • Instruction ID: a27b109e88dd150a9d91e812dd87f57ba4900b51a09c0eb7033f43a6fd9e3137
                • Opcode Fuzzy Hash: 0a3e61526bc13c43c03b10c7c5e3fae4552210c6af1cc25434b2781204ae7925
                • Instruction Fuzzy Hash: D9C09B30616301CBDB045F2485DC1B53732FBC1305F905C6CD1064D105CB778416C655
                Function 06E3A798 Relevance: .0, Instructions: 7COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1f66e89e1ff57fe43e83bef805cac80e44b921756cd3da9db2f4a96f3cf46271
                • Instruction ID: 443bbd84939fe399f27ae04d7db1b2200ad084f10db7979f5341d500ce0bf466
                • Opcode Fuzzy Hash: 1f66e89e1ff57fe43e83bef805cac80e44b921756cd3da9db2f4a96f3cf46271
                • Instruction Fuzzy Hash: 54C04C34812A17CBDF56EB18E548B143764B74132DF003198D0404667CC7F424C4CF80
                Function 06E31D78 Relevance: .0, Instructions: 7COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 25f3076f77d9b724bc64e51d67d368b77acacfb9e6a9072a4a051ca8e89aa579
                • Instruction ID: 8a4030e5dbff7d8e1daeefb9f1dac6d65d5866708ed3a1896147bde5ec968259
                • Opcode Fuzzy Hash: 25f3076f77d9b724bc64e51d67d368b77acacfb9e6a9072a4a051ca8e89aa579
                • Instruction Fuzzy Hash: EAB0123002060ECFD6007768F41D5047F1FF540304BC05555F20CCB026EDE569548EC8
                Function 06E318E8 Relevance: .0, Instructions: 7COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1a5b383f553f0a95b1c6b357eeda46b85a5f99e140c36c7881c2be7404f2ed3a
                • Instruction ID: b586d13f46eacef4f862e9bc5c716b7e366d4e48ea99d3841c9e343bd22d5a43
                • Opcode Fuzzy Hash: 1a5b383f553f0a95b1c6b357eeda46b85a5f99e140c36c7881c2be7404f2ed3a
                • Instruction Fuzzy Hash: 7FB0123100060ECFD5007758F41E6047B1DE550305F405154F14D8E815DE7428404ED8
                Function 06FF3CFD Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d6ec1e071ea9be98c9a9360046793430fa735daeae02201369847f9a03ad9ea7
                • Instruction ID: d980bde653326726164db9f119aa6e269cca9b4249afdde58019cec0080ced50
                • Opcode Fuzzy Hash: d6ec1e071ea9be98c9a9360046793430fa735daeae02201369847f9a03ad9ea7
                • Instruction Fuzzy Hash: 1A90022B82A0F5DD27E11625054002290D448041D834549D14A07E6361E016480111D5
                Function 06E3A680 Relevance: .0, Instructions: 2COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1ceecb0a48f8d63a26f28f6216268d69bd9503a7bf5be3b40b1769643a95285
                • Instruction ID: 0a3e0e1d569657bd3c5756f91e7282ca3d7c6587f97916b0386d8b91914f3328
                • Opcode Fuzzy Hash: d1ceecb0a48f8d63a26f28f6216268d69bd9503a7bf5be3b40b1769643a95285
                • Instruction Fuzzy Hash:

                Non-executed Functions

                Function 07460478 Relevance: .3, Instructions: 312COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c7a42bc4237234ffa3a414eb507b072c79d24135da0c4335a0ca21924444efc2
                • Instruction ID: 93756ca98bdb0a360ff8be6958d425f8e4c7e15f137edc2e6bcfa9338d50861e
                • Opcode Fuzzy Hash: c7a42bc4237234ffa3a414eb507b072c79d24135da0c4335a0ca21924444efc2
                • Instruction Fuzzy Hash: 6AE10AB4E0061A8FDB14DF98C584AAEBBB2FF89305F248169D419A7355D7309D42CFA1
                Function 07460040 Relevance: .3, Instructions: 312COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b784b1a5e3645df009fe9f5eb7aa0f1504783f55af4e0beab3d80d2474392262
                • Instruction ID: 5b4a982c4787959a682c2d4ee39e571dab3d05225fc033a5c48b38acd17969ad
                • Opcode Fuzzy Hash: b784b1a5e3645df009fe9f5eb7aa0f1504783f55af4e0beab3d80d2474392262
                • Instruction Fuzzy Hash: B7E12AB4E1061A8FDB14DF98C584AAEFBF2BF89305F24816AD418A7355D730AD42CF61
                Function 06FFE630 Relevance: .3, Instructions: 312COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 24aab1685312093f804a6106f3c33dce4ee21bac76ca4d4b389264a7005f95b0
                • Instruction ID: 73ef1440563cc597db1aec484c0dd932cc70e96888167eedd5bd40e7df875247
                • Opcode Fuzzy Hash: 24aab1685312093f804a6106f3c33dce4ee21bac76ca4d4b389264a7005f95b0
                • Instruction Fuzzy Hash: A2E11A74E106199FDB54DFA8C580AAEFBF2BF89304F248169D518A7365D730AD42CFA0
                Function 06FFEEA0 Relevance: .3, Instructions: 312COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 885e8b903c0b70555dfdcd0f160bc6e1a0201c7ac3482a4818363e9105c680f6
                • Instruction ID: e88079423bfbe5e62ee1338d808adcd5fa2608e54eac4984c2c7b2f1e4effdaf
                • Opcode Fuzzy Hash: 885e8b903c0b70555dfdcd0f160bc6e1a0201c7ac3482a4818363e9105c680f6
                • Instruction Fuzzy Hash: C0E11A74E106198FDB14DFA8C580AAEFBF2BF89304F248169D519A7355C731AD42CFA0
                Function 06FFEA68 Relevance: .3, Instructions: 312COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 016f2e249b0dbc1aff8a7d39c4664d84164be0c585ada3fbc2c1edf133adba1f
                • Instruction ID: eb3af8cdf209cdd19af0712e233ea292ab78227ce2de355e786ca81c4bb9f66e
                • Opcode Fuzzy Hash: 016f2e249b0dbc1aff8a7d39c4664d84164be0c585ada3fbc2c1edf133adba1f
                • Instruction Fuzzy Hash: 2DE10B74E106199FDB14DF98C580AAEFBF2BF89304F248169D519A7365D7309D42CFA0
                Function 06FF6FCE Relevance: .3, Instructions: 278COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 93fc3ed1fb383f81381d95f7a9cb3bc3fabc08f4b175da077bf28a53fc49c189
                • Instruction ID: a5fed9323e85a5d3f19c7d57db67785c105da524a3b2d77259318b394de6aedd
                • Opcode Fuzzy Hash: 93fc3ed1fb383f81381d95f7a9cb3bc3fabc08f4b175da077bf28a53fc49c189
                • Instruction Fuzzy Hash: DBE12A35D20B9ACADB10EB64D890A99B771FF95300F20D79AE0497B211EB706AC4CF91
                Function 06FF6FF8 Relevance: .3, Instructions: 264COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2177085424.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6ff0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 847ba85e8dd5c2887e17deef538b05cac5cbfdf2039725a81890b20af5538d25
                • Instruction ID: bc287eb8bd7afbd7f7f5ed354e7c8ad9b901117db9a4ca360c748d50b13cad26
                • Opcode Fuzzy Hash: 847ba85e8dd5c2887e17deef538b05cac5cbfdf2039725a81890b20af5538d25
                • Instruction Fuzzy Hash: 26D11935D20B5ACADB10EB64D890A99F7B1FF95300F20D79AE1097B211EB706AC4CF91
                Function 07460006 Relevance: .1, Instructions: 142COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2181733273.0000000007460000.00000040.00000800.00020000.00000000.sdmp, Offset: 07460000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_7460000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9db51f74e31b5d6646687de89730de78d9fb852ea70f54e12917c5b20efdfa59
                • Instruction ID: ec4d8e85ead8ff0f5a1782aa32564b9ea4987877f853aee885c2295878888e44
                • Opcode Fuzzy Hash: 9db51f74e31b5d6646687de89730de78d9fb852ea70f54e12917c5b20efdfa59
                • Instruction Fuzzy Hash: 86513DB0E042598FDB14CFA9C5805EEFBF2BF8A304F2481AAD419AB256D7315D42CF61
                Function 06E30CD8 Relevance: .0, Instructions: 32COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 549ad165d1e6e178657114cdf9f5587907709289f02165a9adb20ae74214839e
                • Instruction ID: a43da82cd73e6aa5e37d2ee543dd33c7e3942eea24cb25f4b1248c8ca175d650
                • Opcode Fuzzy Hash: 549ad165d1e6e178657114cdf9f5587907709289f02165a9adb20ae74214839e
                • Instruction Fuzzy Hash: 59E0D875E5023487DBCC569894093F8B3B9EB46211F40653AC606FB351DE709455CAD1
                Function 06E30CE8 Relevance: .0, Instructions: 26COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.2171383565.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6e30000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: db36fc13f2a67102371e70d9364324e49f3011d181bfb6edf0dc94b3e88babba
                • Instruction ID: 327e725cb29747a13b04280c16230b25cb4acee17eb0b68e18d556763a267393
                • Opcode Fuzzy Hash: db36fc13f2a67102371e70d9364324e49f3011d181bfb6edf0dc94b3e88babba
                • Instruction Fuzzy Hash: 70E02631D0026897CB58199898082E9B3B89B8A210F002036C50477240CBB06414CAE5

                Execution Graph

                Execution Coverage:0.7%
                Dynamic/Decrypted Code Coverage:5.2%
                Signature Coverage:9.5%
                Total number of Nodes:116
                Total number of Limit Nodes:11
                execution_graph 95105 425163 95110 42517c 95105->95110 95106 42520c 95107 4251c7 95113 42eb03 95107->95113 95110->95106 95110->95107 95111 425207 95110->95111 95112 42eb03 RtlFreeHeap 95111->95112 95112->95106 95116 42cdb3 95113->95116 95115 4251d7 95117 42cdcd 95116->95117 95118 42cdde RtlFreeHeap 95117->95118 95118->95115 95119 42fc03 95120 42fc13 95119->95120 95121 42fc19 95119->95121 95124 42ebe3 95121->95124 95123 42fc3f 95127 42cd63 95124->95127 95126 42ebfe 95126->95123 95128 42cd80 95127->95128 95129 42cd91 RtlAllocateHeap 95128->95129 95129->95126 95130 42c023 95131 42c03d 95130->95131 95134 1122df0 LdrInitializeThunk 95131->95134 95132 42c065 95134->95132 95149 424dd3 95150 424def 95149->95150 95151 424e17 95150->95151 95152 424e2b 95150->95152 95154 42ca43 NtClose 95151->95154 95153 42ca43 NtClose 95152->95153 95155 424e34 95153->95155 95156 424e20 95154->95156 95159 42ec23 RtlAllocateHeap 95155->95159 95158 424e3f 95159->95158 95160 42fd33 95161 42fca3 95160->95161 95162 42fd00 95161->95162 95163 42ebe3 RtlAllocateHeap 95161->95163 95164 42fcdd 95163->95164 95165 42eb03 RtlFreeHeap 95164->95165 95165->95162 95166 417b73 95168 417b97 95166->95168 95167 417b9e 95168->95167 95169 417bd3 LdrLoadDll 95168->95169 95170 417bea 95168->95170 95169->95170 95171 414155 95173 4140e3 95171->95173 95176 41415b 95171->95176 95172 41414c 95173->95172 95182 41b7e3 RtlFreeHeap LdrInitializeThunk 95173->95182 95175 414142 95178 4141b3 95176->95178 95179 413ee3 95176->95179 95183 42ccd3 95179->95183 95182->95175 95184 42ccf0 95183->95184 95187 1122c70 LdrInitializeThunk 95184->95187 95185 413f05 95185->95178 95187->95185 95135 424964 95138 424985 95135->95138 95136 4249a3 95139 42ca43 NtClose 95136->95139 95137 4249b8 95146 42ca43 95137->95146 95138->95136 95138->95137 95141 4249ac 95139->95141 95142 4249f8 95143 4249c1 95143->95142 95144 42eb03 RtlFreeHeap 95143->95144 95145 4249ec 95144->95145 95147 42ca5d 95146->95147 95148 42ca6e NtClose 95147->95148 95148->95143 95188 401b58 95189 401b60 95188->95189 95192 4300d3 95189->95192 95195 42e6b3 95192->95195 95196 42e6d9 95195->95196 95205 407713 95196->95205 95198 42e6ef 95204 401c1a 95198->95204 95208 41b4d3 95198->95208 95200 42e723 95219 42ce03 95200->95219 95201 42e70e 95201->95200 95202 42ce03 ExitProcess 95201->95202 95202->95200 95207 407720 95205->95207 95222 416833 95205->95222 95207->95198 95209 41b4ff 95208->95209 95240 41b3c3 95209->95240 95212 41b544 95215 42ca43 NtClose 95212->95215 95216 41b560 95212->95216 95213 41b52c 95214 42ca43 NtClose 95213->95214 95217 41b537 95213->95217 95214->95217 95218 41b556 95215->95218 95216->95201 95217->95201 95218->95201 95220 42ce1d 95219->95220 95221 42ce2e ExitProcess 95220->95221 95221->95204 95223 416850 95222->95223 95225 416869 95223->95225 95226 42d4a3 95223->95226 95225->95207 95228 42d4bd 95226->95228 95227 42d4ec 95227->95225 95228->95227 95233 42c073 95228->95233 95231 42eb03 RtlFreeHeap 95232 42d562 95231->95232 95232->95225 95234 42c08d 95233->95234 95237 1122c0a 95234->95237 95235 42c0b9 95235->95231 95238 1122c11 95237->95238 95239 1122c1f LdrInitializeThunk 95237->95239 95238->95235 95239->95235 95241 41b3dd 95240->95241 95245 41b4b9 95240->95245 95246 42c113 95241->95246 95244 42ca43 NtClose 95244->95245 95245->95212 95245->95213 95247 42c12d 95246->95247 95250 11235c0 LdrInitializeThunk 95247->95250 95248 41b4ad 95248->95244 95250->95248

                Executed Functions

                Function 00417B73 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 32 417b73-417b8f 33 417b97-417b9c 32->33 34 417b92 call 42f803 32->34 35 417ba2-417bb0 call 42fd43 33->35 36 417b9e-417ba1 33->36 34->33 39 417bc0-417bd1 call 42e183 35->39 40 417bb2-417bbd call 42ffe3 35->40 45 417bd3-417be7 LdrLoadDll 39->45 46 417bea-417bed 39->46 40->39 45->46
                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417BE5
                Memory Dump Source
                • Source File: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_L3pFsxNFICpBGmi.jbxd
                Yara matches
                Similarity
                • API ID: Load
                • String ID:
                • API String ID: 2234796835-0
                • Opcode ID: 9e173bac9e998f91ec62337e881a10f1564ea79f98b7e9c9f23f537f950374ce
                • Instruction ID: f1a813425829dfc3cc5f35016a9730128de48c9d29fe72e3326ff0938bdf192b
                • Opcode Fuzzy Hash: 9e173bac9e998f91ec62337e881a10f1564ea79f98b7e9c9f23f537f950374ce
                • Instruction Fuzzy Hash: B5015EB5E0420DABDB10EAE5DC42FDEB7789B54308F4081AAE90897240F634EB588B95
                Function 0042CA43 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 57 42ca43-42ca7c call 404a23 call 42dc83 NtClose
                APIs
                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CA77
                Memory Dump Source
                • Source File: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_L3pFsxNFICpBGmi.jbxd
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: de5ffae0d2ab9afd1ce0f4699812a9bf6bad2eb2f68e067275561a1b7d5a4720
                • Instruction ID: 3f85b738a6fae9cbda61b132b1e202101e12d7a552385ed5f0db283232dff877
                • Opcode Fuzzy Hash: de5ffae0d2ab9afd1ce0f4699812a9bf6bad2eb2f68e067275561a1b7d5a4720
                • Instruction Fuzzy Hash: 62E04F767002147BD520EA6ADC01FDBB75DDBC5714F00441AFA08A7241C6B5790187F4
                Function 01122DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 72 1122df0-1122dfc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: b5bd61b1da55638604b28812931f6a04a37d5e5e64c3475905505c7bd36a9322
                • Instruction ID: e1fddb673f2be0ca53276839bd452b7e5ad0cdb08347af23e11e74a71b5f025b
                • Opcode Fuzzy Hash: b5bd61b1da55638604b28812931f6a04a37d5e5e64c3475905505c7bd36a9322
                • Instruction Fuzzy Hash: 1190023120140413D51572584604707101997D0241F95C512B0429558DD7568A53B221
                Function 01122C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 71 1122c70-1122c7c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 510f6348a4ccee0e48eae253c6976a8b75c3c88d2b689bd26606c9c11393122d
                • Instruction ID: c099d50911fa8e872c9bffbfd2fd4f2f1ed6e56d4b24c3ad2f10dfb057adc6d6
                • Opcode Fuzzy Hash: 510f6348a4ccee0e48eae253c6976a8b75c3c88d2b689bd26606c9c11393122d
                • Instruction Fuzzy Hash: 5090023120148802D5147258850474A101597D0301F59C511B4429658DC79589927221
                Function 011235C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 73 11235c0-11235cc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 3045e752591c9302c174fda39f03668ae5ab675ae19d6606bbaf77d6a25a7495
                • Instruction ID: e03dd4fa2bf916ffef11fa46db0b4445a30cf07117a34fe683369122f974121b
                • Opcode Fuzzy Hash: 3045e752591c9302c174fda39f03668ae5ab675ae19d6606bbaf77d6a25a7495
                • Instruction Fuzzy Hash: 7490023160550402D50472584614706201597D0201F65C511B0429568DC7958A5276A2
                Function 0042CD63 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 47 42cd63-42cda7 call 404a23 call 42dc83 RtlAllocateHeap
                APIs
                • RtlAllocateHeap.NTDLL(?,0041E994,?,?,00000000,?,0041E994,?,?,?), ref: 0042CDA2
                Memory Dump Source
                • Source File: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_L3pFsxNFICpBGmi.jbxd
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0
                • Opcode ID: 646d3875ef9c0209508830cdce0a3f807bdd8064bdb556986faadfef02b72d7f
                • Instruction ID: a9755847b8f7fc8936bc71d5921f001ffbe3c154c09595576a594e9ed49cb2cf
                • Opcode Fuzzy Hash: 646d3875ef9c0209508830cdce0a3f807bdd8064bdb556986faadfef02b72d7f
                • Instruction Fuzzy Hash: C7E06DB23002047BD610EE5ADC41FDB73ACEFC9710F40041AFA08A7241C674B9108BB8
                Function 0042CDB3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 52 42cdb3-42cdf4 call 404a23 call 42dc83 RtlFreeHeap
                APIs
                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,E5153B9E,00000007,00000000,00000004,00000000,004173F8,000000F4), ref: 0042CDEF
                Memory Dump Source
                • Source File: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_L3pFsxNFICpBGmi.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: 9a25dd29a00e8cbc58a10105d562df41ab70c1ddf91834659a8815447e955c5a
                • Instruction ID: adfceb79ed4d4921ce0916ab3cdb8f9340cf97b65b0a8bd9bf6e1cfb375efa3c
                • Opcode Fuzzy Hash: 9a25dd29a00e8cbc58a10105d562df41ab70c1ddf91834659a8815447e955c5a
                • Instruction Fuzzy Hash: 38E06DB2604204BBD610EF5AEC41FDB73ACDFC9710F00401AFA08A7241C670B910CBB8
                Function 0042CE03 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 62 42ce03-42ce3c call 404a23 call 42dc83 ExitProcess
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_L3pFsxNFICpBGmi.jbxd
                Yara matches
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                • Opcode ID: 7e94c6fcf24ff299485eb4fb0f30250cfb64164ac28c15d7ab8d0965dda76e7f
                • Instruction ID: 9736b9bdb1b5aa7ca958dc2407063ce35edadc7bbde78693628e52dcee4bc416
                • Opcode Fuzzy Hash: 7e94c6fcf24ff299485eb4fb0f30250cfb64164ac28c15d7ab8d0965dda76e7f
                • Instruction Fuzzy Hash: C3E04F722006147BD610EA5ADC01F97775CDBC5714F00401AFA08B7141C674791587E8
                Function 01122C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 67 1122c0a-1122c0f 68 1122c11-1122c18 67->68 69 1122c1f-1122c26 LdrInitializeThunk 67->69
                APIs
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 1d856636aabe3af2ce5659c8968ae72e10f1beaad2718cf3e32a47e30b6cb8f3
                • Instruction ID: 26863c7f17c253638e8827030bdf1c7c95de8afc2856a452c68058eab99d2550
                • Opcode Fuzzy Hash: 1d856636aabe3af2ce5659c8968ae72e10f1beaad2718cf3e32a47e30b6cb8f3
                • Instruction Fuzzy Hash: CAB09B719015D5C5DE15E764470871B791077D0701F25C161E2034741F4738C1E1F275

                Non-executed Functions

                Function 01162349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2160512332
                • Opcode ID: 484f4a05368055cc714462b8ec982517464df39daf8cb2f78f2a0363e9c11212
                • Instruction ID: f7684150457b6e34ee95daffd9a1ff61cd6c0a4d8fa3ccdd49fe79f2b31f1298
                • Opcode Fuzzy Hash: 484f4a05368055cc714462b8ec982517464df39daf8cb2f78f2a0363e9c11212
                • Instruction Fuzzy Hash: 36928D71604742AFE729CF28C880F6BB7E8BB84754F04492DFA94DB290D775E854CB92
                Function 01118620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                Download Yara Rule
                Strings
                • Invalid debug info address of this critical section, xrefs: 011554B6
                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0115540A, 01155496, 01155519
                • Critical section debug info address, xrefs: 0115541F, 0115552E
                • corrupted critical section, xrefs: 011554C2
                • Thread identifier, xrefs: 0115553A
                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011554E2
                • Thread is in a state in which it cannot own a critical section, xrefs: 01155543
                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011554CE
                • 8, xrefs: 011552E3
                • double initialized or corrupted critical section, xrefs: 01155508
                • Address of the debug info found in the active list., xrefs: 011554AE, 011554FA
                • undeleted critical section in freed memory, xrefs: 0115542B
                • Critical section address., xrefs: 01155502
                • Critical section address, xrefs: 01155425, 011554BC, 01155534
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                • API String ID: 0-2368682639
                • Opcode ID: 0ecf7460d0403c387b596d9eb6a6fb4aca91834cac7d8111468f985bcec43df3
                • Instruction ID: 12cf13c145b5e811ed4c287472b155de9cf42ac40faee1a6d5116db5e231e445
                • Opcode Fuzzy Hash: 0ecf7460d0403c387b596d9eb6a6fb4aca91834cac7d8111468f985bcec43df3
                • Instruction Fuzzy Hash: 2B81B2B0A41358EFDBA8CF99C840BAEBBB5FB08B04F10811EF954BB241D375A941CB54
                Function 011129F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                Download Yara Rule
                Strings
                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01152412
                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01152624
                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011524C0
                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01152506
                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0115261F
                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011522E4
                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01152409
                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01152602
                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011525EB
                • @, xrefs: 0115259B
                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01152498
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                • API String ID: 0-4009184096
                • Opcode ID: 07b7cdaf2b73e0d24e4c20a11a3a6935ede9415172fa0d5d9161380b47fe48ba
                • Instruction ID: 82125bcbcd40db45198a72ba85f55473e6522a377430422fb4a5d548011f02cf
                • Opcode Fuzzy Hash: 07b7cdaf2b73e0d24e4c20a11a3a6935ede9415172fa0d5d9161380b47fe48ba
                • Instruction Fuzzy Hash: 0F028FB2D00229DBDB69DB54CC80BD9F7B8AB54304F1141EAEB49A7241EB309F84CF59
                Function 01188B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                • API String ID: 0-2515994595
                • Opcode ID: c60793308c3ce5829545391a3cfbd5b19ea547a89adaba84d67a5a9f185f5780
                • Instruction ID: e8a7f3fcf21322242e366a6dfd931f635b2750d829493bb65a1dd3af09d894d2
                • Opcode Fuzzy Hash: c60793308c3ce5829545391a3cfbd5b19ea547a89adaba84d67a5a9f185f5780
                • Instruction Fuzzy Hash: B251CE715043119BC32DEF18C884BEBBBE8BFD4654F948A2DE999C3284E770D604CB92
                Function 01190274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                • API String ID: 0-1700792311
                • Opcode ID: 0c3c47d3ff68eab170234a4ce036977c075a26d6e0e9d4ddd5f40699a831e06c
                • Instruction ID: 1938bf8db7feaf4a3cb1a44401c12d0379fa9d9f458a4325f59713251b49182d
                • Opcode Fuzzy Hash: 0c3c47d3ff68eab170234a4ce036977c075a26d6e0e9d4ddd5f40699a831e06c
                • Instruction Fuzzy Hash: 90D10B31601682EFDF2ADF68C440AAEBBF5FF4A704F098059F5A59B612C734A980CB55
                Function 011689B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                Download Yara Rule
                Strings
                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01168A3D
                • VerifierDebug, xrefs: 01168CA5
                • VerifierDlls, xrefs: 01168CBD
                • HandleTraces, xrefs: 01168C8F
                • AVRF: -*- final list of providers -*- , xrefs: 01168B8F
                • VerifierFlags, xrefs: 01168C50
                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01168A67
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                • API String ID: 0-3223716464
                • Opcode ID: ad25fb909078c9c8929f97223b3dfef63ed3cd373a1d4f9b389940df648abc4a
                • Instruction ID: 1bbd59ec9fe85c30575e6de923fa4cf5ea3eb95d848c7f34c527f31882a554c3
                • Opcode Fuzzy Hash: ad25fb909078c9c8929f97223b3dfef63ed3cd373a1d4f9b389940df648abc4a
                • Instruction Fuzzy Hash: DD914871642716EFD72DDF68C880F9ABBADAB54754F05042CFA80AB240C772DC55CBA2
                Function 010EEA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                • API String ID: 0-1109411897
                • Opcode ID: 6ba7161115149a05c7fdd654515bca5270e7c308ceefd8b20fc91d978ec9f4c6
                • Instruction ID: e4eb067ab9d73550791769401684b65d20b7d842d6aac992ef11a947ffe9ac8f
                • Opcode Fuzzy Hash: 6ba7161115149a05c7fdd654515bca5270e7c308ceefd8b20fc91d978ec9f4c6
                • Instruction Fuzzy Hash: 53A25774A0562A8FDB68DF19CC987ADBBF1AF49704F1442E9D94DA7690DB309E81CF00
                Function 011163FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                • API String ID: 0-792281065
                • Opcode ID: 9ab6fd6cad2f6caa6d319f1774e22078e7f7bb8cf27ac5a11df510b2ce79d82a
                • Instruction ID: 427ab38404745818e2355960028d70d48cf2fd6de9604ba264937ddee60b2679
                • Opcode Fuzzy Hash: 9ab6fd6cad2f6caa6d319f1774e22078e7f7bb8cf27ac5a11df510b2ce79d82a
                • Instruction Fuzzy Hash: F0916B71B42721DBDB7DDF18D884BAD7BB1BF10B58F010138D9206BA84E7B19881C791
                Function 010D645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                Download Yara Rule
                Strings
                • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01139A2A
                • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 011399ED
                • minkernel\ntdll\ldrinit.c, xrefs: 01139A11, 01139A3A
                • Getting the shim user exports failed with status 0x%08lx, xrefs: 01139A01
                • apphelp.dll, xrefs: 010D6496
                • LdrpInitShimEngine, xrefs: 011399F4, 01139A07, 01139A30
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-204845295
                • Opcode ID: 46063abfc57cf4d251eae9bd942a6dc9a12dcb87d8da9adce8801ae97658d768
                • Instruction ID: d137f6a7f659820ca579e6b983b489412f55d1054061b2e8a436c6cfad48d23b
                • Opcode Fuzzy Hash: 46063abfc57cf4d251eae9bd942a6dc9a12dcb87d8da9adce8801ae97658d768
                • Instruction Fuzzy Hash: B751E2712093099FD728DF28C881BAB77E4FB84748F000A2EF5D59B154DB71E945CB92
                Function 01112674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                Download Yara Rule
                Strings
                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01152180
                • RtlGetAssemblyStorageRoot, xrefs: 01152160, 0115219A, 011521BA
                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0115219F
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011521BF
                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01152178
                • SXS: %s() passed the empty activation context, xrefs: 01152165
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                • API String ID: 0-861424205
                • Opcode ID: 6ceb368f1d862e859f04735f36e822d9789e76b69828465693430a30fc1807b7
                • Instruction ID: 403bd8652226ca9a1c6ee9f52cac8b4edadab00a174fdbb7510c315515401ea2
                • Opcode Fuzzy Hash: 6ceb368f1d862e859f04735f36e822d9789e76b69828465693430a30fc1807b7
                • Instruction Fuzzy Hash: 35310536B40215F7E7298A9A9C81F6FBB68DB65E90F15006DFB14BB144D3709A01CBA1
                Function 0111C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                Download Yara Rule
                Strings
                • LdrpInitializeImportRedirection, xrefs: 01158177, 011581EB
                • Loading import redirection DLL: '%wZ', xrefs: 01158170
                • minkernel\ntdll\ldrinit.c, xrefs: 0111C6C3
                • Unable to build import redirection Table, Status = 0x%x, xrefs: 011581E5
                • minkernel\ntdll\ldrredirect.c, xrefs: 01158181, 011581F5
                • LdrpInitializeProcess, xrefs: 0111C6C4
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-475462383
                • Opcode ID: 021bdf8390cc2fad61f61b86eb4fe28a63faaecee57f6b3df02869f3e4f19e3f
                • Instruction ID: b8f93b4f4674c6c6d4a67c54c6220f9a66d0f9f009dee6f6665b19ff4d78de33
                • Opcode Fuzzy Hash: 021bdf8390cc2fad61f61b86eb4fe28a63faaecee57f6b3df02869f3e4f19e3f
                • Instruction Fuzzy Hash: 2F312671A457069FC31CEB29D846E2EB7A4AF94B14F05092CF9905B391E720EC04CBA2
                Function 0112096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                Download Yara Rule
                APIs
                  • Part of subcall function 01122DF0: LdrInitializeThunk.NTDLL ref: 01122DFA
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01120BA3
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01120BB6
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01120D60
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01120D74
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                • String ID:
                • API String ID: 1404860816-0
                • Opcode ID: fe272326a0287352fd7b6be3ca242f5950ad421c10b561c35c613156ab13d133
                • Instruction ID: bf2fccc7ae8edacbe3cc5b9dd7abfbc71ce7c4089e42a0aaba5c490b4d1e8db2
                • Opcode Fuzzy Hash: fe272326a0287352fd7b6be3ca242f5950ad421c10b561c35c613156ab13d133
                • Instruction Fuzzy Hash: AC428E71900729DFDB69CF28C880BAAB7F5FF08314F0445A9E999DB241E770A994CF61
                Function 010EA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                • API String ID: 0-379654539
                • Opcode ID: e4b5cb13f599018ba79da936ccedc9cf145ede5948f03ddceaf360ba5af3e788
                • Instruction ID: c08d8ac770ca43c7f5b760e61663ea762d8d27a476a54c7bd3bcd6efb89f453f
                • Opcode Fuzzy Hash: e4b5cb13f599018ba79da936ccedc9cf145ede5948f03ddceaf360ba5af3e788
                • Instruction Fuzzy Hash: EFC1ACB5608382CFD715CF5AC048B6ABBE4FF88704F04896AF9D58B251E734CA49CB56
                Function 01118402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                Download Yara Rule
                Strings
                • @, xrefs: 01118591
                • minkernel\ntdll\ldrinit.c, xrefs: 01118421
                • LdrpInitializeProcess, xrefs: 01118422
                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0111855E
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1918872054
                • Opcode ID: 27749f3ebcb4651341629509e66dc69520632d47bd8c173333f872e9c2af8a83
                • Instruction ID: 9592313bb82872362026bbca9a3e799c1ef12de03404d6f1caa016fbafdb180a
                • Opcode Fuzzy Hash: 27749f3ebcb4651341629509e66dc69520632d47bd8c173333f872e9c2af8a83
                • Instruction Fuzzy Hash: 5A919871548345AFD769DF25CC80FAFBAE8FF88688F40492EFA8496154E734D904CB62
                Function 0111273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                Download Yara Rule
                Strings
                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011521D9, 011522B1
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011522B6
                • SXS: %s() passed the empty activation context, xrefs: 011521DE
                • .Local, xrefs: 011128D8
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                • API String ID: 0-1239276146
                • Opcode ID: 2ef668d92542a1a0bc0307d44e5e811920ee05159f9155643058ed730aad4fbe
                • Instruction ID: ae2fe85fbc247fec0dd63514d609608f72a7bd9a6ed8c62770b76d082ff34597
                • Opcode Fuzzy Hash: 2ef668d92542a1a0bc0307d44e5e811920ee05159f9155643058ed730aad4fbe
                • Instruction Fuzzy Hash: 45A1C03590022EDFDB28CF68C884BA9B7B1BF58354F2541F9D958AB255E7309E80CF91
                Function 010E64AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                Download Yara Rule
                Strings
                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01140FE5
                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01141028
                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0114106B
                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011410AE
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                • API String ID: 0-1468400865
                • Opcode ID: 044b3583f401c5d5069766835c3ea6b549f9964c4bc5d5c7d88f0381a12082d5
                • Instruction ID: 54167c1df088d67b46889825b90b029139ec80960dc8c477848b634ba294bd9c
                • Opcode Fuzzy Hash: 044b3583f401c5d5069766835c3ea6b549f9964c4bc5d5c7d88f0381a12082d5
                • Instruction Fuzzy Hash: D671D172A043159FCB21DF19D885F9B7FE8AFA4764F000468F9888B146D735D588CBD2
                Function 0110245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                Download Yara Rule
                Strings
                • LdrpDynamicShimModule, xrefs: 0114A998
                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0114A992
                • minkernel\ntdll\ldrinit.c, xrefs: 0114A9A2
                • apphelp.dll, xrefs: 01102462
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-176724104
                • Opcode ID: 07ea971934e8cd8e59dfa3be4dcf57ac0a205d103111ad69c05d5501314bcecc
                • Instruction ID: d67e32dd76fb68d841e89038468b29aa4481737bdd22b61fb6796beedaf305f3
                • Opcode Fuzzy Hash: 07ea971934e8cd8e59dfa3be4dcf57ac0a205d103111ad69c05d5501314bcecc
                • Instruction Fuzzy Hash: 86315D76A42301EBD73D9F5DD885AAE77B4FF84F04F170029E521A7245D7B05881C781
                Function 010F29A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                Download Yara Rule
                Strings
                • HEAP: , xrefs: 010F3264
                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 010F327D
                • HEAP[%wZ]: , xrefs: 010F3255
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                • API String ID: 0-617086771
                • Opcode ID: 9f117da4a85091aeb9ca6e0a03df050bab9eb29dbb9b0bed351423f47c3c94d7
                • Instruction ID: 986fbd5a99947162755ff6e160e587e101ff0c7e38fd00f474f55206f373e2c4
                • Opcode Fuzzy Hash: 9f117da4a85091aeb9ca6e0a03df050bab9eb29dbb9b0bed351423f47c3c94d7
                • Instruction Fuzzy Hash: 9A92CC70A042499FDB29CF68C4417AEBBF1FF48314F1880ADEA95ABB91D734A945CF50
                Function 010F0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-4253913091
                • Opcode ID: 3d1b26081babfdb1e3f5bbb84079bd3daa64b188c923f3ffc78f20b9136c1079
                • Instruction ID: 4910f67db566b6ef38aecf5179ad07b352529197d2a5e7235da37abfaecbd566
                • Opcode Fuzzy Hash: 3d1b26081babfdb1e3f5bbb84079bd3daa64b188c923f3ffc78f20b9136c1079
                • Instruction Fuzzy Hash: 7CF1BF34600606DFEB19CF68C881B6AB7F2FF44704F1481ADE6969B746D734E981CB90
                Function 01106962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: $@
                • API String ID: 0-1077428164
                • Opcode ID: 11d20c8d87f1c60bd0b7e1113aef2735d23270e48d5f63b050942e5569de940a
                • Instruction ID: 1a40960b5647ee77ce7edc438b15b2904f26ab665c85c11cd7056f7a6fe62b4f
                • Opcode Fuzzy Hash: 11d20c8d87f1c60bd0b7e1113aef2735d23270e48d5f63b050942e5569de940a
                • Instruction Fuzzy Hash: 34C28371A093419FD72ACF28C441BABBBE5AF88754F05892DF9C9C7281D774E805CB92
                Function 010DA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                • API String ID: 0-2779062949
                • Opcode ID: 83fdffeafabee1c7d233435f9eeea1aeb68c55aa483bff895b897b89bca75f7d
                • Instruction ID: fad85ead06308bcf467994d1a3a3e74941b40b1fb3f38ff95bcd47861820c55e
                • Opcode Fuzzy Hash: 83fdffeafabee1c7d233435f9eeea1aeb68c55aa483bff895b897b89bca75f7d
                • Instruction Fuzzy Hash: 4EA16D719016299BDB35DF28CC88BEEB7B8EF44714F1001EAEA09A7250D7359E84CF94
                Function 01100BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                Download Yara Rule
                Strings
                • Failed to allocated memory for shimmed module list, xrefs: 0114A10F
                • LdrpCheckModule, xrefs: 0114A117
                • minkernel\ntdll\ldrinit.c, xrefs: 0114A121
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                • API String ID: 0-161242083
                • Opcode ID: 1a5a9ef58225bb54f92568f1cec2e90167a7dc586d9f5a73dd8ebf93bd75244f
                • Instruction ID: 5b6ef7bcd52770280c7ddc0f0c7a9b5759c2400fbf46c62ff7384b25c0b4edd9
                • Opcode Fuzzy Hash: 1a5a9ef58225bb54f92568f1cec2e90167a7dc586d9f5a73dd8ebf93bd75244f
                • Instruction Fuzzy Hash: 06710E71E012069FDB2EDF68CA81BAEB7F4FF48744F05406DE512AB280E770A981CB51
                Function 010F0A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-1334570610
                • Opcode ID: 06c0706873e28db5ce257b623ff9d82bfceec74a9793ad72dcedc07a196b9314
                • Instruction ID: 60b335ea7f5292c87ab1245b2a1f82a628d602e5739ad863ae0e315ad99f2835
                • Opcode Fuzzy Hash: 06c0706873e28db5ce257b623ff9d82bfceec74a9793ad72dcedc07a196b9314
                • Instruction Fuzzy Hash: A061D170604305DFDB69CF28C841BAABBE2FF45704F1485ADE5958F68AD770E881CB91
                Function 0111C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                Download Yara Rule
                Strings
                • Failed to reallocate the system dirs string !, xrefs: 011582D7
                • minkernel\ntdll\ldrinit.c, xrefs: 011582E8
                • LdrpInitializePerUserWindowsDirectory, xrefs: 011582DE
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1783798831
                • Opcode ID: f9fccc3bea8949e22949c83abc9d3126d51930819074d75d214a259cd99d1671
                • Instruction ID: 0df90fbc1aea3e5ace61e40ec523c2d1e26b369eea0bb8b332ea04e2af42935e
                • Opcode Fuzzy Hash: f9fccc3bea8949e22949c83abc9d3126d51930819074d75d214a259cd99d1671
                • Instruction Fuzzy Hash: 33414171546711ABC72DEB68D885B9BBBE8AF48750F00483AF9A4D3294E7B0D840CBD1
                Function 0119C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                Download Yara Rule
                Strings
                • @, xrefs: 0119C1F1
                • PreferredUILanguages, xrefs: 0119C212
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0119C1C5
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                • API String ID: 0-2968386058
                • Opcode ID: b41bb234e9db5e0aac10cb51255c39d2c58fcc95ae22836528d5042e8dcf9cdb
                • Instruction ID: 32c4930e248c7bd146d77d5041c522776f1e24f34602bb52fad9a6abf5feca65
                • Opcode Fuzzy Hash: b41bb234e9db5e0aac10cb51255c39d2c58fcc95ae22836528d5042e8dcf9cdb
                • Instruction Fuzzy Hash: E2419671E00219EBDF19DFD8C891FEEBBB9AB14704F1040AAE659F7280D7749A44CB90
                Function 01174144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                • API String ID: 0-1373925480
                • Opcode ID: 4dbdfb0e01f2c74510c6a8d55e9d3aa92d29f14d4d6fda8f03189cc341ae2d6f
                • Instruction ID: e32db91446a74d9bf690a2f01c265261a65328e85f659e1f3e7b6524c334837b
                • Opcode Fuzzy Hash: 4dbdfb0e01f2c74510c6a8d55e9d3aa92d29f14d4d6fda8f03189cc341ae2d6f
                • Instruction Fuzzy Hash: 23414532A002598FEB2EEBD8E840BADBBB8FF55340F150459D941EFB91D7349901CB11
                Function 01164755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                Strings
                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01164888
                • LdrpCheckRedirection, xrefs: 0116488F
                • minkernel\ntdll\ldrredirect.c, xrefs: 01164899
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-3154609507
                • Opcode ID: 78faf95bcd1b8eb3cf1c6535d2060baf9fd728d8ecc233bc123e7120dfccea5b
                • Instruction ID: 0b4fdfcb9fcb995dba96599244d6b3b2ef8e67150569aaa720af140740e52bcd
                • Opcode Fuzzy Hash: 78faf95bcd1b8eb3cf1c6535d2060baf9fd728d8ecc233bc123e7120dfccea5b
                • Instruction Fuzzy Hash: 7C41F732A06A519FCB29CF9CD940A667BECFF89A50F06016DED94D7B51D332D820CB81
                Function 010F0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-2558761708
                • Opcode ID: 3b75b9d4979b7076e74f407a320f29bfe4a2ea299ffb87c56fe034c323d6177b
                • Instruction ID: 58ef6c56efd5d2fcf728944a6a620f07dedb969140e6cf2e057314f7f8538606
                • Opcode Fuzzy Hash: 3b75b9d4979b7076e74f407a320f29bfe4a2ea299ffb87c56fe034c323d6177b
                • Instruction Fuzzy Hash: 591124303161469FDB5DCB18C842BBAB3A2EF41A1AF19806DF586CF656EB30D840C751
                Function 011620DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                Download Yara Rule
                Strings
                • minkernel\ntdll\ldrinit.c, xrefs: 01162104
                • Process initialization failed with status 0x%08lx, xrefs: 011620F3
                • LdrpInitializationFailure, xrefs: 011620FA
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2986994758
                • Opcode ID: 463ac6f00396cc8aa0a1402fdf9945f13fe315f8dee492a345d5037c6115f070
                • Instruction ID: 66a011b48ba54465f8b8e234771c475ab93c67723714d1c8149c857dbb975df8
                • Opcode Fuzzy Hash: 463ac6f00396cc8aa0a1402fdf9945f13fe315f8dee492a345d5037c6115f070
                • Instruction Fuzzy Hash: 9DF0C275642708ABE72CE74CCC46F9A376CEB40B58F61006DFA507B681D3B1A950CA91
                Function 010F03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: #%u
                • API String ID: 48624451-232158463
                • Opcode ID: 634cb18ac76d06cea9d69361d394ef68cc40ed11f994e445973074d67d48a009
                • Instruction ID: b4b08065869874a3c9a4e28bfec951c5b8e1ee72c170987ad306fe52fa7b9ff8
                • Opcode Fuzzy Hash: 634cb18ac76d06cea9d69361d394ef68cc40ed11f994e445973074d67d48a009
                • Instruction Fuzzy Hash: 9E715B71A0014A9FDB05DFA8C991FAEB7F8BF18744F144069EA41EB651EB34ED41CB60
                Function 010EA9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                Download Yara Rule
                Strings
                • LdrResSearchResource Enter, xrefs: 010EAA13
                • LdrResSearchResource Exit, xrefs: 010EAA25
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                • API String ID: 0-4066393604
                • Opcode ID: 2a4357dff8e5fc12f43e4570a2afd234ef413608019d9f97339ca8222f6282c3
                • Instruction ID: 99c6fdd1ebab5e557ba966d42eda12499799471006848e84260c4e9754eafb46
                • Opcode Fuzzy Hash: 2a4357dff8e5fc12f43e4570a2afd234ef413608019d9f97339ca8222f6282c3
                • Instruction Fuzzy Hash: BEE1AD71F00219EFEF2A8E9AD988BAEBBF9BF08710F144466E951E7241D7349940CB51
                Function 011AA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: `$`
                • API String ID: 0-197956300
                • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                • Instruction ID: a312a91aa4ec4bda63d0f4828c02eba8d3a40899bd5bbf09350e92ee9fdaffe4
                • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                • Instruction Fuzzy Hash: 10C1D1352043429BEB29CF28D841B6BBFE5AFC4318F484A2DF69ACB290D775D505CB42
                Function 0115E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Legacy$UEFI
                • API String ID: 2994545307-634100481
                • Opcode ID: 2693d0d0ea607aac45a0ee33cd244d94f2647c8a6c656236fb8e657a6c953c95
                • Instruction ID: 6b114ba9a26d48379053a0f82646c38dc114e06a1a0a3e431d319141b141f7f1
                • Opcode Fuzzy Hash: 2693d0d0ea607aac45a0ee33cd244d94f2647c8a6c656236fb8e657a6c953c95
                • Instruction Fuzzy Hash: 93616C72E01619DFDB58DFA8C940BADFBB5FB48704F14406DEA69EB251D731AA00CB50
                Function 011843D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: @$MUI
                • API String ID: 0-17815947
                • Opcode ID: 580a454495d32028837294277d84315b666c8aee6ece49d7349485103fe67ad0
                • Instruction ID: 14cbc70b0720ea374e8330efb172c6b5cb4a4fb43e1204db7bffe8db49416b2f
                • Opcode Fuzzy Hash: 580a454495d32028837294277d84315b666c8aee6ece49d7349485103fe67ad0
                • Instruction Fuzzy Hash: 67512871D0021EAEDF15DFA9CC90BEEBBB8EB54754F104529E611B7690DB309905CB60
                Function 010E04E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                Download Yara Rule
                Strings
                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 010E063D
                • kLsE, xrefs: 010E0540
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                • API String ID: 0-2547482624
                • Opcode ID: 5a70e0c8a20e6ecf260a977c1509f76dc0b5b2ee159460c9a022edcf2582b9d1
                • Instruction ID: 86305eb6814813f4e4aa44e1c96393881c9adfb9d1bbc3fbf11faef3092ff0e5
                • Opcode Fuzzy Hash: 5a70e0c8a20e6ecf260a977c1509f76dc0b5b2ee159460c9a022edcf2582b9d1
                • Instruction Fuzzy Hash: 6851BE717007428FD728DF6AC4887A7BBE4AF88304F10883EE6E987245E7B09545CF92
                Function 010EA2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                Download Yara Rule
                Strings
                • RtlpResUltimateFallbackInfo Exit, xrefs: 010EA309
                • RtlpResUltimateFallbackInfo Enter, xrefs: 010EA2FB
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                • API String ID: 0-2876891731
                • Opcode ID: 4fc8aeb33e9d6c3aac15a213f0122cde96bd5c0b0354beae8eec090483787a6e
                • Instruction ID: 089f7903bf32b539f54d8d636933811fb152863c77de1f0eccd09eae85061d54
                • Opcode Fuzzy Hash: 4fc8aeb33e9d6c3aac15a213f0122cde96bd5c0b0354beae8eec090483787a6e
                • Instruction Fuzzy Hash: 1841AB31B00645DFDB25CF6AD844BAEBBF4BF88B10F1480A9E994DB291E3B5D940CB50
                Function 0111A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Cleanup Group$Threadpool!
                • API String ID: 2994545307-4008356553
                • Opcode ID: e8936b38cb7a8e777a877ad2d6eb6f58d8130c2e89b6dd8807f9cf58fec4f82b
                • Instruction ID: 284f00bb71c4f34069f0d07890761bea254aa22c4d8deb1cbe762520054a8f95
                • Opcode Fuzzy Hash: e8936b38cb7a8e777a877ad2d6eb6f58d8130c2e89b6dd8807f9cf58fec4f82b
                • Instruction Fuzzy Hash: 160144B2206740EFD315CF14DD45F16BBE8EB80729F008839E258CB180E330E800CB46
                Function 010EC7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: MUI
                • API String ID: 0-1339004836
                • Opcode ID: 5d8c1665f83fa52fc7fefa33b05c4859c4d52aa21f863d2aa9da891e4dd6c002
                • Instruction ID: a8a1b794e1f6a0992df0c118552431446a3cee2b7d0b79136bd75b13090fbd8e
                • Opcode Fuzzy Hash: 5d8c1665f83fa52fc7fefa33b05c4859c4d52aa21f863d2aa9da891e4dd6c002
                • Instruction Fuzzy Hash: A0826D75E002198FEB64CFAAC988BEDBBF1FF44310F1481A9E999AB351D7319941CB50
                Function 01166420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: 59695963d90d6535fc20852d946f037a21a74320bb718e8717670b9f4d449629
                • Instruction ID: 10b8350390994b620e83b591d38b261c5de79d6e017dc7e2f41e692c73a3b360
                • Opcode Fuzzy Hash: 59695963d90d6535fc20852d946f037a21a74320bb718e8717670b9f4d449629
                • Instruction Fuzzy Hash: F1918372900619AFEB29DF95DD85FEEBBB8EF18754F100025F600AB190D775AD10CBA0
                Function 0118E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID: 0-3916222277
                • Opcode ID: 72ce03d454f352bfd940c7b1a01f581ffc89f512daec5164d222c532ddb61aca
                • Instruction ID: 3d862d0b4fc44682c7a91d89ddd68b8c78a1b6c7fa90b1466a6d562f77f6e534
                • Opcode Fuzzy Hash: 72ce03d454f352bfd940c7b1a01f581ffc89f512daec5164d222c532ddb61aca
                • Instruction Fuzzy Hash: 1F91BF31902609BEDB2AAFA5DC44FEFBBBAEF45754F014029F901A7250DB749901CF91
                Function 0111A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: GlobalTags
                • API String ID: 0-1106856819
                • Opcode ID: 8b9e2e006a9f9b18c84c27ee610b6b1043436533444fec34bc82259929850725
                • Instruction ID: e2c0e4838393d0c454438c39dd224ec45387284f1c9bc927c6e67110fcf28f8f
                • Opcode Fuzzy Hash: 8b9e2e006a9f9b18c84c27ee610b6b1043436533444fec34bc82259929850725
                • Instruction Fuzzy Hash: 9E717CB5E0030ADFDF6CCF98D5906EDBBB2BF48710F54812AE915A7245EB709841CBA0
                Function 01184978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: .mui
                • API String ID: 0-1199573805
                • Opcode ID: 7e535ab776a4442ff578c9ceff998856645321655eefc6cb7a17d8de662b2454
                • Instruction ID: 4ea714f0fa9b3f890056da60da048cd6731888955b624d337b71e730a9a9303b
                • Opcode Fuzzy Hash: 7e535ab776a4442ff578c9ceff998856645321655eefc6cb7a17d8de662b2454
                • Instruction Fuzzy Hash: E1518572D00627DBDF18EF99D840BEEFAB4AF14A54F058129E912BB650D7349801CFE4
                Function 010FE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: EXT-
                • API String ID: 0-1948896318
                • Opcode ID: be1edf2094d0af92b2f0285eb7999effde3ea8eb1c0f10f021749c1888062dfb
                • Instruction ID: 03408baf51327244723184326e76513ecc0f13078b8bc915afba0c8fa186dcd0
                • Opcode Fuzzy Hash: be1edf2094d0af92b2f0285eb7999effde3ea8eb1c0f10f021749c1888062dfb
                • Instruction Fuzzy Hash: DD4190725083029BD710DA75C886BAFBBE8BF88B18F05096DF6C4E7590E774D904C796
                Function 0115C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: BinaryHash
                • API String ID: 0-2202222882
                • Opcode ID: b3c40667d3f04f2d5f003111c1bf2fdb9e56fbac0b3d70c81105604b1a2843f5
                • Instruction ID: 82a1836f24bcb713d6bc7d35812d0898bfe4b5716ec96282444850a6f53d563b
                • Opcode Fuzzy Hash: b3c40667d3f04f2d5f003111c1bf2fdb9e56fbac0b3d70c81105604b1a2843f5
                • Instruction Fuzzy Hash: 6F4161B1D0022DEADB25DE50CC80FDEB77CAB55728F0045A5EA18AB140DB709E88CFE4
                Function 01176B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: #
                • API String ID: 0-1885708031
                • Opcode ID: 3b63b3d3b5dd4699fa4deca9ff944663e1d9dabef33bf196c60506e669296147
                • Instruction ID: 020e7b2cfd585b333f6bdd2bd15ef87610cd260e915b54c2d29f0ec1e2d37092
                • Opcode Fuzzy Hash: 3b63b3d3b5dd4699fa4deca9ff944663e1d9dabef33bf196c60506e669296147
                • Instruction Fuzzy Hash: C7313731E00B199BFB2ACF69C850BEE7BB8DF05704F244028EA51AB382DB75D945CB50
                Function 0115CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: BinaryName
                • API String ID: 0-215506332
                • Opcode ID: 337ab8e57ffa7db41529034038fe5349a13bd9352674f6d00455459f6e94aa43
                • Instruction ID: 9ee43de7ff0dbc6be5dbd944924c24c91d640d3c6ea95bcef30bace63b0cedb3
                • Opcode Fuzzy Hash: 337ab8e57ffa7db41529034038fe5349a13bd9352674f6d00455459f6e94aa43
                • Instruction Fuzzy Hash: 47310536900619EFEB19DF58C851FAFBB78EB807A0F014129ED21A7250D7309E00DBE0
                Function 0116892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                Download Yara Rule
                Strings
                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0116895E
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                • API String ID: 0-702105204
                • Opcode ID: 9b3af302c94970a75dff370c6dca8dac8d5fc008e40342ad187490c2903e4d06
                • Instruction ID: ee17b01268b4a36a64c7192d1e45cda33b85c3c30d1f8c5fead2efb622756397
                • Opcode Fuzzy Hash: 9b3af302c94970a75dff370c6dca8dac8d5fc008e40342ad187490c2903e4d06
                • Instruction Fuzzy Hash: 04017B31211306DFEB3C5B1ACD84B9ABF7DEFC1298B04002CF68106111DB2268A4C792
                Function 01182000 Relevance: .8, Instructions: 757COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50fe5dd745c4225dab7d0586e0955e6f39b4397384b864198c5023d4ca3f2836
                • Instruction ID: c3460158661973a09408b0c93c4913600a167f6e1a80cc156f10ec78276ad572
                • Opcode Fuzzy Hash: 50fe5dd745c4225dab7d0586e0955e6f39b4397384b864198c5023d4ca3f2836
                • Instruction Fuzzy Hash: 3042D6356083419FDB2EEF68C890A6BBBE5BF99304F54892DFA8287250D770D845CF52
                Function 01178158 Relevance: .6, Instructions: 617COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e1b876a5cf0357f86b0c7d864f15b323aa0158c31508266b8f8440d482cbefcd
                • Instruction ID: fee823439d0f6d665bede57efbfbe5e573f9a73afee0b4458aca323c9cd7c1ec
                • Opcode Fuzzy Hash: e1b876a5cf0357f86b0c7d864f15b323aa0158c31508266b8f8440d482cbefcd
                • Instruction Fuzzy Hash: 6A426D75E002199FEB29CF69C885BADBBF5BF88304F158099E949EB341D7349981CF60
                Function 010F2840 Relevance: .6, Instructions: 605COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: da20a92ed70a83aa8ebf23eddc5f448003257d622d0d9e24a96ee35e48892b07
                • Instruction ID: 51dae66eb5e0b2ba5871f81bf030ca3dea3afd84f5e79ea6168f7d993e11184f
                • Opcode Fuzzy Hash: da20a92ed70a83aa8ebf23eddc5f448003257d622d0d9e24a96ee35e48892b07
                • Instruction Fuzzy Hash: 98320F70A007568FEB2DCF69C8447BEBBF2BF86B08F14412DD5869B684D734A842CB50
                Function 0118A118 Relevance: .6, Instructions: 591COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 84da85dabc71a611e1a464887875d2c9497d64c661c653a1a97cff9b93d6728a
                • Instruction ID: c7f50f66b4c64a7dd487fdd15ddf587cc7fffc7c00c1795c43779929bf80d51c
                • Opcode Fuzzy Hash: 84da85dabc71a611e1a464887875d2c9497d64c661c653a1a97cff9b93d6728a
                • Instruction Fuzzy Hash: 4222B2742046518BEB2DEF2DE050372BBF1AF44304F19C45BEA968B286E375E492DF61
                Function 010E6A50 Relevance: .5, Instructions: 548COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6a109e117b909f44da7297aee69e1e49cec765c5919c24bd3ddbfee693f79c43
                • Instruction ID: b734074500a6619d842463ed9e241103696555128bdbc059d6026a102435e595
                • Opcode Fuzzy Hash: 6a109e117b909f44da7297aee69e1e49cec765c5919c24bd3ddbfee693f79c43
                • Instruction Fuzzy Hash: F632EF70A04205DFDB29CFA9D484BAEBBF1FF58310F148569E996AB391D731E881CB50
                Function 01104A35 Relevance: .4, Instructions: 423COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                • Instruction ID: 25369fb816b45c7d971c3f008c6e69c426efd1bf398269633e52f78a4736d0f1
                • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                • Instruction Fuzzy Hash: 64F18071E0061A9BDF1ECF99C580BAEBBF5BF48714F058129EA05AB780E7B4D841CB54
                Function 0117892B Relevance: .4, Instructions: 386COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 873b6177fc1aa17c3c4fe36af75045568273dc89001128bd89cc0b7d86fa18ee
                • Instruction ID: 25b47ed6982770f4a5b0a5379b91350cd690185bb1f333f9f9d120783ca8eb20
                • Opcode Fuzzy Hash: 873b6177fc1aa17c3c4fe36af75045568273dc89001128bd89cc0b7d86fa18ee
                • Instruction Fuzzy Hash: 16D1EF71E0060A8BDF0DCF69C845AFEBBF1AF88314F198169D955A7381E735EA05CB60
                Function 010E65D0 Relevance: .4, Instructions: 383COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 75af5aa912c58f00829e9548c709cd3b3f0c7f0382d73437d0b101731f8fa9a2
                • Instruction ID: ac5ba7070b81095188aab3054dc86213748c9b980cd5010d8d665ff8ac1fd6ca
                • Opcode Fuzzy Hash: 75af5aa912c58f00829e9548c709cd3b3f0c7f0382d73437d0b101731f8fa9a2
                • Instruction Fuzzy Hash: 9BE1CF71608342CFC715CF29D084A6ABBE0FF99314F058A6DE9D987351EB32E905CB92
                Function 010D8397 Relevance: .4, Instructions: 380COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ea855052a9ddb49d7a6aec37d23455c237a52801d0ada71a9615b6a3a2315857
                • Instruction ID: 637cfa993cfe1475b13ec64cb7c548328913c82eb8f42eede0f1e2cbcfbf4ece
                • Opcode Fuzzy Hash: ea855052a9ddb49d7a6aec37d23455c237a52801d0ada71a9615b6a3a2315857
                • Instruction Fuzzy Hash: D6D1D0B1A003069BDB18DF29C881ABE77F5BF94314F05822EE995DB285FB30D954CB50
                Function 01168243 Relevance: .3, Instructions: 322COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                • Instruction ID: d1ce132a479afe94aafe6c86d30d5795d8b007000b198e10e8a802451a35e44e
                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                • Instruction Fuzzy Hash: 5BB17075A00705AFDF28DF99C940AAFBBBDBF84308F14446DAA4297790DB36E915CB10
                Function 010F0535 Relevance: .3, Instructions: 300COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                • Instruction ID: db729d183cb6381ffab896b57ed24eed6adfd732afc0a61c75d29400fff67146
                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                • Instruction Fuzzy Hash: C9B12631600646AFDB29DB68C851BBFBBF7AF44704F140199E692DB686D730ED41CB90
                Function 010E83C0 Relevance: .3, Instructions: 281COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c5a26afd12add78ea978b9f38e0e953272dbb1ca63a749970092db15a9a0a2f5
                • Instruction ID: 4ba78261bee20294434542f2b2e50484ceb0435b61a7805eeb36700c25c7390b
                • Opcode Fuzzy Hash: c5a26afd12add78ea978b9f38e0e953272dbb1ca63a749970092db15a9a0a2f5
                • Instruction Fuzzy Hash: ADC18875108341DFE764CF19C488BAAB7E4FF88704F44896EE98987291DB74E948CF92
                Function 010DC427 Relevance: .3, Instructions: 280COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a2a35784a2085b6cb94bb81692a78e6d5c195aef60190d44bb72e934f8188d30
                • Instruction ID: d82b788232f617d5695d9c30be8163432a2a9be5292a2655c4ae4b9ec99a3d93
                • Opcode Fuzzy Hash: a2a35784a2085b6cb94bb81692a78e6d5c195aef60190d44bb72e934f8188d30
                • Instruction Fuzzy Hash: 30B18070A002668BEB68CF58C980BADB7F1EF44704F4485EDD58AE7285EB709DC5CB20
                Function 0110E5E7 Relevance: .3, Instructions: 278COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9012860a16823e41d3a5a216f7d30ca088d23dea15eeb69bc78bde72991139b2
                • Instruction ID: 2ea20a3c99e431c215c9b3e28d07c1e3d4e8d79011760504eb09a3c9c8f6d122
                • Opcode Fuzzy Hash: 9012860a16823e41d3a5a216f7d30ca088d23dea15eeb69bc78bde72991139b2
                • Instruction Fuzzy Hash: ADA13831E026169FEB2EDB5DD844FAEBBB4AB00B14F050525EA10AB3D1D7B49D41CBD1
                Function 01120185 Relevance: .3, Instructions: 276COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0a760ac204efd0652ab3f938020ee2239253b3a2a408a5404f94a4aeb566112c
                • Instruction ID: 278efa1792bbdc188248cbf511ced08c83cc54764250cdf731b1561e88cdeb3a
                • Opcode Fuzzy Hash: 0a760ac204efd0652ab3f938020ee2239253b3a2a408a5404f94a4aeb566112c
                • Instruction Fuzzy Hash: E6A1F570B0162ADFDB2DDF69C590BAAB7B1FF48318F004229EA55D7281DB34E825CB51
                Function 011B4500 Relevance: .3, Instructions: 275COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 798b7ae488d8828054f1185613ea0941401d548ccb1b781b6d8e68c7994e3c3c
                • Instruction ID: 69fee6b88cb5f577483dac3c997aafd4ca855f6f24810f24e2f6b3af11e14780
                • Opcode Fuzzy Hash: 798b7ae488d8828054f1185613ea0941401d548ccb1b781b6d8e68c7994e3c3c
                • Instruction Fuzzy Hash: FBA1D072A056129FD719DF58C980BAAB7E9FF48704F05852CE6869BA52C334EC40CB91
                Function 011B2B57 Relevance: .3, Instructions: 266COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                • Instruction ID: 413ef52d646ed59f16a08e474c665d16af921ad2ed8e578f0676c1f7302ca2ce
                • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                • Instruction Fuzzy Hash: 98B12771E0061ADFDF29CFA9C880AEDBBB5FF48310F148169E915AB354D730A949CB90
                Function 011660E0 Relevance: .3, Instructions: 264COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e9d13d03b0518055c1ab21e9b126f4c790b40b9199468d6ae3a215ce49b2684b
                • Instruction ID: 23cf4abc8b52a123a30118a9be79a8180c35faae858dd0aa54131c4513bf1747
                • Opcode Fuzzy Hash: e9d13d03b0518055c1ab21e9b126f4c790b40b9199468d6ae3a215ce49b2684b
                • Instruction Fuzzy Hash: 8991A171D0421AAFDB19CFA8D890BAEBFB9AF48710F154169E614EB341D735ED10CBA0
                Function 010FE3F0 Relevance: .3, Instructions: 261COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 879b812bf7665257b5739844a495dcaf720f5cdccda051844578b73d28953606
                • Instruction ID: 972fd2fa8bd580d6d918d8bbe85511e273e2a2dc297f3da2d9faa64705a5b1b6
                • Opcode Fuzzy Hash: 879b812bf7665257b5739844a495dcaf720f5cdccda051844578b73d28953606
                • Instruction Fuzzy Hash: 4F912831A00616CBE728DB5CC445BBE77A1EF84B14F1640ADEB859BB90EB34E941C751
                Function 011AAB40 Relevance: .2, Instructions: 222COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction ID: 5a9f6611f5773cd8370e0c4458b13b70603b43e899a20d8a388b6933b1f58f19
                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction Fuzzy Hash: 33818075A0020A9FDF1DCF98D490AAEBBB6BF84310F598569D9169B385D734E901CB80
                Function 0111E284 Relevance: .2, Instructions: 212COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: de9ce189fe9668280a09ff9020e1a29fb723b3f5612b6d459d4184f702b2765d
                • Instruction ID: 340a75825083188f44607ea6a17e102f6d0bbc9195601169efae85cfba9704b3
                • Opcode Fuzzy Hash: de9ce189fe9668280a09ff9020e1a29fb723b3f5612b6d459d4184f702b2765d
                • Instruction Fuzzy Hash: 4B817F71A05609EFDB2ACFA9C880AEEFBF9FF48314F104429E955A7254D730AC55CB60
                Function 010FC640 Relevance: .2, Instructions: 206COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 284913670f4b5634454d68c7e0cad023784cc5945f49b207af46eed5cbfceb03
                • Instruction ID: c14902e6e721ea84949946ba401dc5f81e646b1533cea0516665fcac0b09b8cf
                • Opcode Fuzzy Hash: 284913670f4b5634454d68c7e0cad023784cc5945f49b207af46eed5cbfceb03
                • Instruction Fuzzy Hash: 5071C175C06669DBDB298F98D551BBDBBB0FF58B10F14412EE991A7750E3309840CBA0
                Function 011947A0 Relevance: .2, Instructions: 202COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 839f2f0f28390db5ad11691ad14e3d3464d6361a7e1b6b89cc4320d813d7c3ef
                • Instruction ID: 8d940b3b374cb5c6511705afac03b0baeedd3de5df3a2d39af8ff58b76aa3e9c
                • Opcode Fuzzy Hash: 839f2f0f28390db5ad11691ad14e3d3464d6361a7e1b6b89cc4320d813d7c3ef
                • Instruction Fuzzy Hash: 47719370902205EFDF2CCF99DB40A9EBBF8FF94304F11816AE661A7658D7398981CB54
                Function 010F260B Relevance: .2, Instructions: 201COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3bbd2b0549119dd555c55938c6baa9ebe82dc7c3db44264d44fd39f08f014ae0
                • Instruction ID: 582a58c49d7805a3187396c0e2ff36597004b6816638cff1705b2e9ebc2147a4
                • Opcode Fuzzy Hash: 3bbd2b0549119dd555c55938c6baa9ebe82dc7c3db44264d44fd39f08f014ae0
                • Instruction Fuzzy Hash: B371EF316042429FD316DF28C481B6AB7E5FF88714F0485AAE998CB752DB38DC46CB91
                Function 0116035C Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction ID: 860b3bbf6d74daced0064e43edb6cf5f207c10e1ef8f44a2b0da4eaef6fffff0
                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction Fuzzy Hash: 55717C71A0061AAFCB14DFA9C984ADEBBB8FF48304F104469E605EB250DB34EA11CB90
                Function 011762A0 Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9a5b634d306ea65f3ea58f221349a7a4078089cdec78ef7a4ae8cb0bafa5ddad
                • Instruction ID: c468964b06122c2178ce3ea1592880346dba026d243526db7ed6c12af7155732
                • Opcode Fuzzy Hash: 9a5b634d306ea65f3ea58f221349a7a4078089cdec78ef7a4ae8cb0bafa5ddad
                • Instruction Fuzzy Hash: C071E132200B02AFEB3A9F18C855F6ABBB6EF44724F154528E2568B7A0D775E944CB50
                Function 010E8AA0 Relevance: .2, Instructions: 197COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 050c17b6e85582ee56ba92e52e1262d607d9f14ce5e93b5bed100ef7e821a83e
                • Instruction ID: ad34f1f81713219c67f963324eb5e1d13c1fdad28d16d8494b433ea7136ea1bb
                • Opcode Fuzzy Hash: 050c17b6e85582ee56ba92e52e1262d607d9f14ce5e93b5bed100ef7e821a83e
                • Instruction Fuzzy Hash: 2D81C172A093168FDB2CCF9DD588BAD77F2BF48710F15416AE910AB691C7749D80CB90
                Function 011B8324 Relevance: .2, Instructions: 192COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e720d0df1af7bdf4b337b57bbe98a8c24d74fd58c6ced51900dcd0737d9dbe7b
                • Instruction ID: 60527eb440bb3ae8a4c679a9f64c7e0f5825366fc63b8aeda0ae1028e6db7032
                • Opcode Fuzzy Hash: e720d0df1af7bdf4b337b57bbe98a8c24d74fd58c6ced51900dcd0737d9dbe7b
                • Instruction Fuzzy Hash: 58712B71E0021AAFDF19DF94CC81FEEBBB8FB04764F104129E611A7290D774AA15CBA0
                Function 0119A250 Relevance: .2, Instructions: 184COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 041e0de25104e6c1f9403a141db2154c2c110844a049b75c806445391e006b28
                • Instruction ID: 93351d13231c178dc830a9a914061d1c62b4976644eb2e1473d7c365abe7f3f9
                • Opcode Fuzzy Hash: 041e0de25104e6c1f9403a141db2154c2c110844a049b75c806445391e006b28
                • Instruction Fuzzy Hash: 1151E272504712AFDB19DE68D884E5BBBE8EFC4714F054929FAA0DB150D730ED08CBA2
                Function 01188350 Relevance: .2, Instructions: 161COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ef18db3919f28b0ea9aae33ab8a0caf5cf072ccaa9d4bb1d8ff6219bb2682c84
                • Instruction ID: 8e21604b9edbbce6925612ceeb09881b035f004747a67219d009a459ef19e2bd
                • Opcode Fuzzy Hash: ef18db3919f28b0ea9aae33ab8a0caf5cf072ccaa9d4bb1d8ff6219bb2682c84
                • Instruction Fuzzy Hash: B651CE719007059FD728EF5AC880BABFBF9BF54714F50861ED292576A1C7B0A941CF50
                Function 0111E443 Relevance: .2, Instructions: 158COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3706bbc668988c0863bbbed95a35271618b9b78dcbd46c66c1811fa232d48e2
                • Instruction ID: e39d160391aabd50c1843ebf974ec7b70bf91f465914c8aff568a8903b950868
                • Opcode Fuzzy Hash: a3706bbc668988c0863bbbed95a35271618b9b78dcbd46c66c1811fa232d48e2
                • Instruction Fuzzy Hash: 5D518F71201619DFCB2ADFA9C980FAAB3F9FF14754F410429EA5197660D734E940CB51
                Function 01184180 Relevance: .2, Instructions: 156COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0e6f99013b0f17b09b1f7628fbde0f38299f118d7a5795b579feeb5d000af61e
                • Instruction ID: c6b16ab4348ac94e72261736d0235a0f3f58ffa9563f9d4ac26bad1ec6e97a46
                • Opcode Fuzzy Hash: 0e6f99013b0f17b09b1f7628fbde0f38299f118d7a5795b579feeb5d000af61e
                • Instruction Fuzzy Hash: 13518C716083129FD758EF29D880A6BBBE5BFD8208F44892DF999C7650EB30D905CF52
                Function 011045B1 Relevance: .2, Instructions: 156COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction ID: 3e833ece51edd60b457a3f34d1740c085bb0f5c3add4e49194b620760207fb4f
                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction Fuzzy Hash: 0951E531D0060AABDF1ACF98C480BEEBBB9EF45714F044069EA00AB280D7B4DD44CB94
                Function 0116E9E0 Relevance: .2, Instructions: 154COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction ID: acf31963e9a5ebca444f8ffc39f0ecd649073e238fedafcd6db036fb926842d7
                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction Fuzzy Hash: E351D835D0121AEFEF29DF94C884BAEBB7DAF00324F154765D91267190D7329E60CBA1
                Function 011A8B28 Relevance: .2, Instructions: 152COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e818cbd4966da220e24cd2a4c934bf46a210e04538b3c302e56fc86feca92502
                • Instruction ID: 2d1d4e0a4e4d92ea605c0b76db45277b4ee56d9b23ac763902b5b62cba2e0e97
                • Opcode Fuzzy Hash: e818cbd4966da220e24cd2a4c934bf46a210e04538b3c302e56fc86feca92502
                • Instruction Fuzzy Hash: F441F7787016119BE72DDB2DC894BBFBF9AFF90622F848219E955872C4DB30D801CB91
                Function 0116CBF0 Relevance: .1, Instructions: 148COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 91cdf69bbb65eaff3a55b06ea4a1879927dda97ba419828dc8c61e77bd0ff1a5
                • Instruction ID: 9a2c851ef0fd6c4f42e05aea51e1cfd4c686253858ec62d2fff7ec949b833cb0
                • Opcode Fuzzy Hash: 91cdf69bbb65eaff3a55b06ea4a1879927dda97ba419828dc8c61e77bd0ff1a5
                • Instruction Fuzzy Hash: 1951EE75A0121ADFCB28DFA9C880A9EBBB9FF58318B114529D595A3304D732FD51CBD0
                Function 0111A430 Relevance: .1, Instructions: 139COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 78fee9ec9466fbcff4b79d889a63030a2591bc79272269c3d6940507d23129ea
                • Instruction ID: a742187d2031a97f72005a1fe3c1eab327b90c874b061539f2686d6993b7e312
                • Opcode Fuzzy Hash: 78fee9ec9466fbcff4b79d889a63030a2591bc79272269c3d6940507d23129ea
                • Instruction Fuzzy Hash: FC411771747245DBDB2DEF68E881B6ABB75AB55708F41003CEE129B245D7B19840C7A0
                Function 011AA9D3 Relevance: .1, Instructions: 139COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction ID: fa84cd01b74dd1de8aa1f62b3a438d13de07bf5eec3077c438a8542065f38ee7
                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction Fuzzy Hash: 6B412A356007169FCB2DCF28D994A6ABBE9FF80314B45462EE95287641EB30FC08C7D0
                Function 011101F8 Relevance: .1, Instructions: 138COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c9c09322a90c422b987129f660be5782961db48c3f937b91cf7543db146e1b35
                • Instruction ID: 60471aa8d8db1afff70b84a4a36a046ee70a90530a787e4786575253cca46a59
                • Opcode Fuzzy Hash: c9c09322a90c422b987129f660be5782961db48c3f937b91cf7543db146e1b35
                • Instruction Fuzzy Hash: 7941A536E00229DBDB18DF98C440AEEFBB4AF4C714F15812AF815EB244E7359C81CBA4
                Function 0110EBFC Relevance: .1, Instructions: 138COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9f0ada74a8dd1ee6222a08be67ea6594cef23497d6ed4d5b5cabfc6bc368f0ed
                • Instruction ID: e233ec25ef2b58f22523df2ffe1820209da254aed7745b43f312e9fb87c4fc75
                • Opcode Fuzzy Hash: 9f0ada74a8dd1ee6222a08be67ea6594cef23497d6ed4d5b5cabfc6bc368f0ed
                • Instruction Fuzzy Hash: 7C41F071A053028FD72ADF29C884A5BB7E9FF88224F014C2DE696C3751DB71E845CB51
                Function 01122750 Relevance: .1, Instructions: 137COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction ID: 883354cf425e86b461d8dfd6c3422b3797f934da94f8e8120289852370d2b1eb
                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction Fuzzy Hash: D5515D75A40615CFCB59CF98C480AADFBB2FF84714F1882A9D925A7351D770AE41CB90
                Function 010E6154 Relevance: .1, Instructions: 133COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a7042f4c5462baf8d6670393d44ddaabc5b80b65e09a88ed321aabd4952bc67e
                • Instruction ID: 496a6c0cc79681e49a5c84aff238db5158b869f659defa93278029135be111b1
                • Opcode Fuzzy Hash: a7042f4c5462baf8d6670393d44ddaabc5b80b65e09a88ed321aabd4952bc67e
                • Instruction Fuzzy Hash: CB510570900616DFDB298B29DC05BECBBF1EF25314F0482E9D6A9A76D1DB359981CF80
                Function 010E0BCD Relevance: .1, Instructions: 130COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b06affa4de8b5cc5759a2b2d0625fad48cc7e06cdffc4f02d65fc9ce59add72
                • Instruction ID: d661d9f1bcb341a3ca16538fc84a8fe9bf146bd012d099087d8ce9c9e9c09f99
                • Opcode Fuzzy Hash: 0b06affa4de8b5cc5759a2b2d0625fad48cc7e06cdffc4f02d65fc9ce59add72
                • Instruction Fuzzy Hash: 7A41AE31A013299FDB25DF69C948BEE77B8EF85750F0100A9E948AB245DB74DE80CF91
                Function 011A866E Relevance: .1, Instructions: 129COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction ID: 07befae952b3f14350b344246e4a2bf85ce59c6d72818d0d53f02899402c48a1
                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                • Instruction Fuzzy Hash: 0741A479B00205ABEB19DF99CC85ABFFFBAAF88615F544069E904A7341DB70DD01C760
                Function 010E0887 Relevance: .1, Instructions: 128COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f811e84ad3fc5c433c2a0a4d70134d06ab88212db0fc4697ff56a80908ca8f3f
                • Instruction ID: eacbcfe582f2c39e5ad1f58a4046259d7d282f048bfb01ca6be08380a1f92826
                • Opcode Fuzzy Hash: f811e84ad3fc5c433c2a0a4d70134d06ab88212db0fc4697ff56a80908ca8f3f
                • Instruction Fuzzy Hash: 6C41D1707007029FE329CF2AC584A26B7F9FF89314B108A6DE5D687A54E7B1F845CB90
                Function 0110A470 Relevance: .1, Instructions: 127COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ef88652b2f9b2b6ab318a6d2f89b8c06a8e7e3c369dbf49857e0199c1398b7ac
                • Instruction ID: 2888ddb8fbf3187b8b7a6b19fe47fb18b51852ae8cd0da81fa792883c1ae07bd
                • Opcode Fuzzy Hash: ef88652b2f9b2b6ab318a6d2f89b8c06a8e7e3c369dbf49857e0199c1398b7ac
                • Instruction Fuzzy Hash: D841CC32942305CFDB2EDF6CE4947ED7BB0BF18620F0601A9D425AB6D1DB759940CBA1
                Function 010E8BF0 Relevance: .1, Instructions: 124COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 66d46cb1f4fa2f85f982b4ac8e5f5f1c153f3093def98fc46e3323b47d028dfc
                • Instruction ID: 8111426241364125cff8d6268d8ebd84f626af97caca3f403c30912429141f23
                • Opcode Fuzzy Hash: 66d46cb1f4fa2f85f982b4ac8e5f5f1c153f3093def98fc46e3323b47d028dfc
                • Instruction Fuzzy Hash: 06411731906206CFD7289F4ED888B9EBBF2FB95704F14C06AD5519BA55C335D881CF90
                Function 010D8918 Relevance: .1, Instructions: 123COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: da91f477538198082d3077d956318588b105c28fa5166b277fa5b55c94e01906
                • Instruction ID: dd929e029feded8e84ab46fba63c6b52917b0519f01c619924cac09e3b453a3e
                • Opcode Fuzzy Hash: da91f477538198082d3077d956318588b105c28fa5166b277fa5b55c94e01906
                • Instruction Fuzzy Hash: 58416A315087069ED312DF698880A6BF6E9EF84B54F45092BFA84D7290E771DE048B97
                Function 010DA020 Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction ID: 5788d910b96ea98a563438e04250a6a0a838f37e7d38b94554deb0b06b731d26
                • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                • Instruction Fuzzy Hash: 59414C31B08311DBDB19DE6884407BEBF75EBD0764F15806AF9859B244E7368D80CB96
                Function 010E09AD Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6aec63b4fd583ba5527dcfeb1b0c5f15cd2e208322c26332eb2c7a250c2da29c
                • Instruction ID: 33fc578b62716aada6cb8073435adeef042fd091371840ce0979e0d5851d739d
                • Opcode Fuzzy Hash: 6aec63b4fd583ba5527dcfeb1b0c5f15cd2e208322c26332eb2c7a250c2da29c
                • Instruction Fuzzy Hash: 7941BD71600305EFD725CF19C844B6ABBF4FF58314F248A6AE589CB255E7B1E942CB90
                Function 01110710 Relevance: .1, Instructions: 121COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction ID: 371ce4d77f79834d94a0f36ebd9aa6a3b3f8225498646cc434f6e2de5a09b004
                • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                • Instruction Fuzzy Hash: 9F410871E04605EFDB28CF98C990AAABBF4FB18700B11497DE596D7654D330AA84CB50
                Function 010E262C Relevance: .1, Instructions: 119COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1e402a6ffabff931008bb469e14e77ca3ded996a0b7e4becb87b7f150cda6e38
                • Instruction ID: 1d2f6329634476e2583db0ac07d6987f52da268bab1c2fec0ee8eed871d2468e
                • Opcode Fuzzy Hash: 1e402a6ffabff931008bb469e14e77ca3ded996a0b7e4becb87b7f150cda6e38
                • Instruction Fuzzy Hash: DF4147B0941705CFCB29EF2AC905B69B7F9FF88310F1082AEC4969B2A1DB309941CF51
                Function 0111C8F9 Relevance: .1, Instructions: 116COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 15c13d816c5a544fb8cdf02ef2f209813305deba0a6d66d64aa387c36fbcf661
                • Instruction ID: 72aae4d3a544fc9ada2624ccb32ca446f28c0d2e436e80f529847dd3592d9a4c
                • Opcode Fuzzy Hash: 15c13d816c5a544fb8cdf02ef2f209813305deba0a6d66d64aa387c36fbcf661
                • Instruction Fuzzy Hash: AC319AB2A40255DFDB5ACF58C040799BBF1EB08724F2081AED519DB251E3329902CF90
                Function 011607C3 Relevance: .1, Instructions: 114COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 08a108923f1ee1143d7225e08bfe8e4f63ca8b53e7d8f5e37c9cbb7a64446935
                • Instruction ID: 7c148b86fa709f9b98123b6fd8c025b52404d914ace3535d7f89059702b7680c
                • Opcode Fuzzy Hash: 08a108923f1ee1143d7225e08bfe8e4f63ca8b53e7d8f5e37c9cbb7a64446935
                • Instruction Fuzzy Hash: 1F418C729083059BD764DF29C844B9BBBE8FF88664F004A2EF5A8C7251D7709954CB92
                Function 010D80A0 Relevance: .1, Instructions: 111COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1bc084b34660b03f55c6cdb32459909985e5e159b4243492e958c40cd530218
                • Instruction ID: 5c9179a7215762f976fd83241c4a89986bb899a8ee3cfbb38bd6945f3b396ecb
                • Opcode Fuzzy Hash: d1bc084b34660b03f55c6cdb32459909985e5e159b4243492e958c40cd530218
                • Instruction Fuzzy Hash: 5241E175A05716AFCB01DF68C880AACB7B9BF44760F14C22AD895A7280DB34ED458BD0
                Function 011605A7 Relevance: .1, Instructions: 111COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 24bd1bc45ad835e97fa06597495ef7aa2b61f3c5bf1081c951048a48dbc55f50
                • Instruction ID: 29b30749adb8440adefb2984a3fa54f6cca1efb19bb214b90b324ff10f550695
                • Opcode Fuzzy Hash: 24bd1bc45ad835e97fa06597495ef7aa2b61f3c5bf1081c951048a48dbc55f50
                • Instruction Fuzzy Hash: 7F41F4726046469FC328DF2CC840A6AB7E9FFC8700F14062DF99487680E731ED24C7A6
                Function 010E4859 Relevance: .1, Instructions: 111COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b4ae75a684fef0380ec0790adef865fb3f9377a3bfb0fac453545f5c86ff4790
                • Instruction ID: 5ca63a4f34a4ca9a21c942e3168c5ad2eac5a5fdd4f6a7e1a04b572e53cae0cf
                • Opcode Fuzzy Hash: b4ae75a684fef0380ec0790adef865fb3f9377a3bfb0fac453545f5c86ff4790
                • Instruction Fuzzy Hash: 4641F1306013068FD725CF2ED888B2ABBE9EF80364F1544ADE6D1DB2A1DB34D841CB91
                Function 010D8B50 Relevance: .1, Instructions: 111COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c4b294164e13e665ae7f2653c99943b10a675a996706c1dd4cea40ecdb59f0f8
                • Instruction ID: cfab9690e3684f986b202c171eb3774968fdb5cf044df758d4d8bc8ab449a717
                • Opcode Fuzzy Hash: c4b294164e13e665ae7f2653c99943b10a675a996706c1dd4cea40ecdb59f0f8
                • Instruction Fuzzy Hash: 5E417D71A01709DFCB15CF69C98099DBBF1FF88324B10C66BD5A6A72A0DB34A941CF40
                Function 010F02E1 Relevance: .1, Instructions: 106COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction ID: b2539b00f2fe15c8a71d9866eeab21076d33a80ef4fece3c8e62be815148e4d6
                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                • Instruction Fuzzy Hash: 8B312531A04245AFDB228B68CC44BDFBFEAEF14350F0481A9F995D7756C3749884CBA4
                Function 0118E3DB Relevance: .1, Instructions: 105COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 20430963743fda0460092def1b4bef2bcad5994a3c110121bf27cf10ff7fe8e0
                • Instruction ID: d29bc358c9352a0800f1c01e195da588bd426b4dc3505ede7d24b20fd6db77da
                • Opcode Fuzzy Hash: 20430963743fda0460092def1b4bef2bcad5994a3c110121bf27cf10ff7fe8e0
                • Instruction Fuzzy Hash: F131BE31741716ABDB2AAF598C41FAB76A4AB58B54F014028F604EB2D1DBA4DD00CBE0
                Function 01194B4B Relevance: .1, Instructions: 104COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 37859a5cea76a861364b778693dab2f438e5488ee0021e79f35a67c86027163b
                • Instruction ID: 1ab9125eafb07d2828bb42a681fcaff2e63952b3451a90981f639614f34ab842
                • Opcode Fuzzy Hash: 37859a5cea76a861364b778693dab2f438e5488ee0021e79f35a67c86027163b
                • Instruction Fuzzy Hash: 3031F2322062018FCB29DF1DD990E6AB7F5FB85320F0A447DE9A58BB55D730E842CB81
                Function 010E4260 Relevance: .1, Instructions: 102COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0fadaa1b544d842111a4814487d221e444c18be07f7c1b492500f9b05ffcb787
                • Instruction ID: 1d1a455eeb6317bec7a814dce9e4c75b25b399ea44dcd312aba58208c3ce202a
                • Opcode Fuzzy Hash: 0fadaa1b544d842111a4814487d221e444c18be07f7c1b492500f9b05ffcb787
                • Instruction Fuzzy Hash: 8B41AD71200B459FD72ACF2AC885FDA7BE5AB48754F01842DF6A9CB290C774E840CB90
                Function 01194BB0 Relevance: .1, Instructions: 101COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c6bc32527bc44602db0d9ff0f7e71ec7f4d6082ffcc33c4e681969708ac8c6f2
                • Instruction ID: 08c0f88dfe19611560c13c4a60bfc514552210d5918af36427f828514b7a53b7
                • Opcode Fuzzy Hash: c6bc32527bc44602db0d9ff0f7e71ec7f4d6082ffcc33c4e681969708ac8c6f2
                • Instruction Fuzzy Hash: 1831CF716053418FDB28DF28D990A2AB7E5FB84720F05456DF9A59BB90E730EC06CB92
                Function 0115EB1D Relevance: .1, Instructions: 100COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c21984e66a9cc8b0c492599a28642932f123c9ead46296142358f6c4aa2aba57
                • Instruction ID: c05cc0e98d5f66c0386d9dd25bea7ead24fde12de1b0782362b80f1415fd7475
                • Opcode Fuzzy Hash: c21984e66a9cc8b0c492599a28642932f123c9ead46296142358f6c4aa2aba57
                • Instruction Fuzzy Hash: 3531D572B42682DBF32E9B5CCD48B65FBD8BB44744F1D00A4AFA59B6D1DB28D940C221
                Function 011A61C3 Relevance: .1, Instructions: 97COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ae912a2d13d7b89ccde7ee9ac37b4f04aaca63c6fd638408fe8baacbf8de17a
                • Instruction ID: 9e28f2ac87d7c1e0357bc72c896bf0fb4207f085da29b4cd5a9d13ca1a209532
                • Opcode Fuzzy Hash: 1ae912a2d13d7b89ccde7ee9ac37b4f04aaca63c6fd638408fe8baacbf8de17a
                • Instruction Fuzzy Hash: CD31E779A0021AEBDB19DF98CC40FAEBBB5FB44740F454169E900EB244D770ED40CB94
                Function 0118483A Relevance: .1, Instructions: 96COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 03f33ae4ae7f0e7e672374e23fe29a30f269c31ab9469c99b6493eed8bdeed7a
                • Instruction ID: 9f220d74b12a90686e0944737114eb068ed7dc736150854db00879ee531cbe7c
                • Opcode Fuzzy Hash: 03f33ae4ae7f0e7e672374e23fe29a30f269c31ab9469c99b6493eed8bdeed7a
                • Instruction Fuzzy Hash: 7D315276E4112DABCF35EF54DC84BDEBBB9AB98310F1140A5E508A7250DB309E91CF90
                Function 0110EB20 Relevance: .1, Instructions: 96COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a54b06b3dcaeb46ebfea27f5dcdf3e83b449d8f8982c851c3347b0c0b1649e1b
                • Instruction ID: 94815e7c9dee8fe728adf54fa233e00d6a58ffc569a6db6618a2f489a1c2eb63
                • Opcode Fuzzy Hash: a54b06b3dcaeb46ebfea27f5dcdf3e83b449d8f8982c851c3347b0c0b1649e1b
                • Instruction Fuzzy Hash: 2B31A672E01619AFDB36DEAAC840B9EBBF9EF44750F014825E555D7290D3B09A008BA1
                Function 011A60B8 Relevance: .1, Instructions: 95COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 65c3e1dd48a3f7a5b4468cb708e37cbacc7852872ab6e0a4bd64040571541827
                • Instruction ID: 039f9386bd93906a25971abbd4bf28482b57d9f1d82e8614af5e0c66820d4049
                • Opcode Fuzzy Hash: 65c3e1dd48a3f7a5b4468cb708e37cbacc7852872ab6e0a4bd64040571541827
                • Instruction Fuzzy Hash: AC31E275A00216AFDB1A9FA9C850BAEBFB9AF84714F450069E511DB742DB34EC00CB90
                Function 010E07AF Relevance: .1, Instructions: 95COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 330763e2116ddd7bdce07a902f302c417aa9ab27661a0c243d1c13b135de5ee8
                • Instruction ID: b3d0ea03b6733e33d39f707b80077a7e055bbbaf887e5fc523a1b81c4590fb90
                • Opcode Fuzzy Hash: 330763e2116ddd7bdce07a902f302c417aa9ab27661a0c243d1c13b135de5ee8
                • Instruction Fuzzy Hash: 6231F132B05716DFC712DE2A8984AAFBBE5AFD4260F014529FDD5AB208DB70DC0187E1
                Function 010E8550 Relevance: .1, Instructions: 94COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 97d071776ae6dc6948c91716960601d40704e3b8ed05c86fa5cb420022e45175
                • Instruction ID: a2b021a51792b70dbeaeb5f3ae1a979f4156f81b4544368a48c8a646fc7480b4
                • Opcode Fuzzy Hash: 97d071776ae6dc6948c91716960601d40704e3b8ed05c86fa5cb420022e45175
                • Instruction Fuzzy Hash: 3E3181726093018FE768CF19D844B2BBBE5FB98B00F054AAEF98497351D771E844CB91
                Function 0111A6C7 Relevance: .1, Instructions: 92COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction ID: 431e6d6976d8f66d27ede9a25d74b2a905a5efbcde5bab8da5d2741e991584ab
                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                • Instruction Fuzzy Hash: 483118B2B05B41AFD769CF69DD41B56BBF8AF08A50F04093DE5AAC3650E731E900CB60
                Function 0118EBD0 Relevance: .1, Instructions: 91COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 465f4dc69daaa23de558a56526a556cbe017e1ab0f950fcccc3a3604efcae84b
                • Instruction ID: cb4f887a9a4924f0f919336cd2042ae83d55056471a4473ddd676909be50046a
                • Opcode Fuzzy Hash: 465f4dc69daaa23de558a56526a556cbe017e1ab0f950fcccc3a3604efcae84b
                • Instruction Fuzzy Hash: 3C31CBB190A742DFCB19EF19C54095ABBF1FF89614F0589AEE4889B311E330E945CF92
                Function 0110438F Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 709ef53d7154828aee6c64442f0f1465717168b6dd04eccaa0449cca9ffc0bb3
                • Instruction ID: e277c516100a766ab512ce27c178015bb63cb3dcb809907912ef485dc6a3b1cb
                • Opcode Fuzzy Hash: 709ef53d7154828aee6c64442f0f1465717168b6dd04eccaa0449cca9ffc0bb3
                • Instruction Fuzzy Hash: 3431F431F00206DFD72DDFA8C9C1AAEBBF9AB84708F018529D645D7A90D770E941CB91
                Function 010DCB7E Relevance: .1, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                • Instruction ID: 97a43f55475c3604d1b0dac3127483804b4078eec6aba569542136eaf7dc0fd3
                • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                • Instruction Fuzzy Hash: 00210632E0525BAAEB159BB98851BEFBBB5AF54750F058039DE95E7340E370D900C7A0
                Function 010DC156 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1141c14c043f9a213451794703c92f91ae6feacdf6efe8b8a02210e63bb930dd
                • Instruction ID: 408327c42feaf05fbfb30db5a0cf0dd01d0f2837efa897b70a50f7362d4109a8
                • Opcode Fuzzy Hash: 1141c14c043f9a213451794703c92f91ae6feacdf6efe8b8a02210e63bb930dd
                • Instruction Fuzzy Hash: CC317DB15002118BDF3AAF68DC41BA977B4EF80318F9481ADDD859B386DF34D985CB90
                Function 0119C3CD Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction ID: 7f3db42364f749f92f32a9df4ff89e4b9070a93a6b3a089539e39261c85d4784
                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                • Instruction Fuzzy Hash: 5F21F736700656A6CF19AB95C800BBEBBB4EF90714F40801AFAE58B691E734D950C3F0
                Function 010DE420 Relevance: .1, Instructions: 88COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 84a2b971fceea9d440a79011775f9756fd50db42880a784c4ccfd4c63818bb3c
                • Instruction ID: 2a320d634e09db0ec61143ac90763c66a40840cc77bd9a375778231557b5b5fe
                • Opcode Fuzzy Hash: 84a2b971fceea9d440a79011775f9756fd50db42880a784c4ccfd4c63818bb3c
                • Instruction Fuzzy Hash: 2D31D431A0122C9BDB35DF18CC41FEE77B9AB15790F0101E5E685AB290DA749E808F90
                Function 01114588 Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction ID: 0f2c4e250320282c692f115808a90217faca2c7f24abf9d899ea9aced467461b
                • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                • Instruction Fuzzy Hash: C3216031A00709EBCB19CF58C980A8EBBB5FF48B58F108479EE159F645D771EA05CB90
                Function 011144B0 Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 070e4df126cefe633e71589ffeec6f637ab0c2d7458542349318457147715403
                • Instruction ID: 3361b0ca7e436f7850bb5cbb377ab38b2db43a0f69d2884dfbaa96a9236af6ec
                • Opcode Fuzzy Hash: 070e4df126cefe633e71589ffeec6f637ab0c2d7458542349318457147715403
                • Instruction Fuzzy Hash: 2021D5726047469BCB2ACF18C840B6BB7E4FF88B60F014529FD549BA45D730E901CBE2
                Function 010DE388 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction ID: 6ea77e5096d0ad1dabaf26c462479fbb423ad75c5eceffb2667493fef3b63de5
                • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                • Instruction Fuzzy Hash: AE316931600705AFDB25DF68C884F6AB7F9EF85354F1445A9E6928B690EB30EE02CB50
                Function 0115E609 Relevance: .1, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8d33d0d42723af9b624449ac820d593436a5a8d66aa59a140703e6aa940a5901
                • Instruction ID: 4bcd60c38dcfbb7e3c096cc21bd7b5190ec8bcc78ec4149a8282850d9f7ce901
                • Opcode Fuzzy Hash: 8d33d0d42723af9b624449ac820d593436a5a8d66aa59a140703e6aa940a5901
                • Instruction Fuzzy Hash: CC317C75A01205EFCB5CCF1CC8849AEB7B5EF88344F15445AEC199B391EB71EA50CBA1
                Function 011606F1 Relevance: .1, Instructions: 79COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6904df013db2329b88da6e865e45d540bb8bb46e73706fdc37b0b7936c9e4251
                • Instruction ID: 354f22e9fdc3f49deb7957b41848fb84206df99daf71de38504a79faf03a007a
                • Opcode Fuzzy Hash: 6904df013db2329b88da6e865e45d540bb8bb46e73706fdc37b0b7936c9e4251
                • Instruction Fuzzy Hash: A52180719006299BCF18DF59C881ABEB7F8FF48740B510069F581EB250D779AD51CBA1
                Function 0116019F Relevance: .1, Instructions: 78COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7748f357cadecd452856287efde4608464cd6519c4d4ebf6a0ee4a5990c04f77
                • Instruction ID: 01883a976ab774602f7820fbebcf5ed9fc06c0bf51de3a7756bf32509981690d
                • Opcode Fuzzy Hash: 7748f357cadecd452856287efde4608464cd6519c4d4ebf6a0ee4a5990c04f77
                • Instruction Fuzzy Hash: 38218B71600645ABDB19DB68D840F6AB7A8FF4C740F140069FA44DB690D739ED50CBA8
                Function 01160283 Relevance: .1, Instructions: 74COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a886bfe911e830619a612d7419e20927d455f43fb8428b61a7ad4744a3b79091
                • Instruction ID: 310544e92d702fcc6f3113cfc235df6b5d483083f623a433daff9490b8827607
                • Opcode Fuzzy Hash: a886bfe911e830619a612d7419e20927d455f43fb8428b61a7ad4744a3b79091
                • Instruction Fuzzy Hash: 2921F2729083469FD716EF5DC844B9BBBDCEF98254F08045ABE80CB691D731D914C7A2
                Function 01102835 Relevance: .1, Instructions: 73COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 352d987246ff3094b5bc655d006ba73bed1e96662877f349e20b64b586c273a1
                • Instruction ID: dd6550f25f9c7b5b8a2a5530f46963924f224a27e31ccabcaa7633000168de7e
                • Opcode Fuzzy Hash: 352d987246ff3094b5bc655d006ba73bed1e96662877f349e20b64b586c273a1
                • Instruction Fuzzy Hash: 5E212C31A446819BF32F572C9C08B593BD4BF41B74F1A03A5FAA19F6D2DBB8C801C101
                Function 0111A30B Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a7613aa1351582860d956d8904501133c9289619ff0ab405e2cc1c2eed3eb0c1
                • Instruction ID: 23cbc40abe6970f1ca203e74b998b7697b44f04da04464a124f01960a8266a51
                • Opcode Fuzzy Hash: a7613aa1351582860d956d8904501133c9289619ff0ab405e2cc1c2eed3eb0c1
                • Instruction Fuzzy Hash: 2A21C939251A41DFCB29DF29CC01B42B7F5BF08B48F24846CA959CBB65E330E842CB94
                Function 0119A49A Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: decf4602b570064487b32b94de5f531c9ef48cb33c3950f7d434dd22c22c86c8
                • Instruction ID: 8c7164e31464a4ec86d41f7d7d94d07f1e67ecbdf88cd310626a6fc809365d65
                • Opcode Fuzzy Hash: decf4602b570064487b32b94de5f531c9ef48cb33c3950f7d434dd22c22c86c8
                • Instruction Fuzzy Hash: 78113632380A11BFEB2A5659AC41FAB7A99DFD4B60F110128B768DB290EF70DC048795
                Function 01160946 Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be921271ccd8483f8134fb3bcee945fa5585cfc563080bf890d82d8e84a750cb
                • Instruction ID: 493d9afc0e6f4ed45dc26a3e701972dd19b85dc84ff8dfbd690bf925819dcd08
                • Opcode Fuzzy Hash: be921271ccd8483f8134fb3bcee945fa5585cfc563080bf890d82d8e84a750cb
                • Instruction Fuzzy Hash: 1121E9B1E41309ABCB24DFAAD9809AEFBF9FF98710F10012EE415A7240DB709941CF54
                Function 011780A8 Relevance: .1, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction ID: 1a71aaabba8b8dd452fddc3eb974d56ae7305e550c121e16e44c3531964bffde
                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction Fuzzy Hash: 25218972A0020AEFDF169F98CC44BAEBBBAEF88320F214819F954A7351D734D950CB50
                Function 01110124 Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction ID: 04a19e087f8bfdee8744e4bb0436121dfe8193977b59af1e7934efad34a14877
                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction Fuzzy Hash: 2311E272A00609AFD72A9F48CD41F9ABBB8EB88754F104039F6048B180D775ED84CB50
                Function 010E8770 Relevance: .1, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e407c91098dc3e5ad957cfb8f73b7dcd0a34f998aa628337ba4f33405880abd5
                • Instruction ID: 35b3c8f333fc3cf17ffdfe1c0c86bb4bb3da6528b4577aa527d969d68bc2c446
                • Opcode Fuzzy Hash: e407c91098dc3e5ad957cfb8f73b7dcd0a34f998aa628337ba4f33405880abd5
                • Instruction Fuzzy Hash: 1611EF357406119FDB55CF4EC584A6ABBE9BF4A710B18C0EEEE889F200D7B2D901C790
                Function 010E80E9 Relevance: .1, Instructions: 66COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ef562ba357b3df87c7d8b04305527b1887c44abd504ad8b96f3efac4695b6e84
                • Instruction ID: 07d96d20252e6d5463e7832f9519642d3c9580f35c64bfa7c439502b72a9884d
                • Opcode Fuzzy Hash: ef562ba357b3df87c7d8b04305527b1887c44abd504ad8b96f3efac4695b6e84
                • Instruction Fuzzy Hash: DA215E75A40205DFCB14CF59C591AAEBBF9FB88314F2481AED145A7311C771ED06CB90
                Function 0111674D Relevance: .1, Instructions: 65COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 462a7b28c2da9971dabad5e1fac2957bf26a25d8e895e245358b39b419878a61
                • Instruction ID: 566aefbfaca08b9a2217e995f4ebfdd072a39c5c3dd8a6edc2fa6c06af5b0ffb
                • Opcode Fuzzy Hash: 462a7b28c2da9971dabad5e1fac2957bf26a25d8e895e245358b39b419878a61
                • Instruction Fuzzy Hash: 11218E71601A01EFD7288F68C881B66B7F8FF44250F04883DE5AAC7650EBB1A850CBA1
                Function 01176870 Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 00bdfed9b51fc594ffe310ce775e46a480ad2e6a9187d3fdee9b66532d167642
                • Instruction ID: aa73c408660dd6a6ee275e20ed69ed067ec4a96099341752129e8daa44122b54
                • Opcode Fuzzy Hash: 00bdfed9b51fc594ffe310ce775e46a480ad2e6a9187d3fdee9b66532d167642
                • Instruction Fuzzy Hash: E511C132240A05EFE72ADB59CD40F9A77B8EB99760F114029F245DB350EB70EC01C7A0
                Function 0110E8C0 Relevance: .1, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 33eec403886f59b8a828353625b4e97cb6eed152db0844f1565ba25a87e95de6
                • Instruction ID: 162e73128d3a6c1ed4eefa9d4362c8b3bb27a0b28eb503ae88c50a4b72812a34
                • Opcode Fuzzy Hash: 33eec403886f59b8a828353625b4e97cb6eed152db0844f1565ba25a87e95de6
                • Instruction Fuzzy Hash: BD1148337001159FCB1ECB2DCD81A6B7656EBD1770B268928E9228B380EB309802C791
                Function 011166B0 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 41064d98c061c7d0126a596c35dbc03399ff3108bff3902cf7d9bd521fb7755f
                • Instruction ID: fd2a46f3106951d20ed69b3deea9c45f955a30edbad01046d567304eaac32ad2
                • Opcode Fuzzy Hash: 41064d98c061c7d0126a596c35dbc03399ff3108bff3902cf7d9bd521fb7755f
                • Instruction Fuzzy Hash: 2311E076A02A09DFCB2DCF59C581A5AFBF9EF94610B02407DDA159B318E7B0DD00CB90
                Function 011AA8E4 Relevance: .1, Instructions: 61COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                • Instruction ID: 9d6b55a4a733711a40160fa007c226d23fdd8772cc676a5c48e445bb93f9f2f7
                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                • Instruction Fuzzy Hash: AF110436A00919AFDB1DCB58C801B9EBBB5EF84314F058269E85597340E735ED41CB80
                Function 0116E7E1 Relevance: .1, Instructions: 59COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction ID: bb1d55ae3daca906f6084a53a28532be4879902127fe7dd69e8f29f422e54018
                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction Fuzzy Hash: 4F11E03A602601EFEB28DF49C844B56BBEDEF45754F058628EA489B164DB32DC50CB90
                Function 011027ED Relevance: .1, Instructions: 58COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 18f9ad2e1933a6e50ffaa1bbdb1e5e028410d705dec81c67d2d705a85de499d7
                • Instruction ID: 2c2200e9b1f3869cc0fbfb0498ae0dfd19f3edacfcbbe9db2b73de6fe21b9c60
                • Opcode Fuzzy Hash: 18f9ad2e1933a6e50ffaa1bbdb1e5e028410d705dec81c67d2d705a85de499d7
                • Instruction Fuzzy Hash: 8A012B766456456FE31F626DE848F6B6BCCEF41768F060075FA418B690DB64DC00C2A1
                Function 010E4690 Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 39f2e59889fcab7978ad0d93632d0787cbd37906c79d3a7b1a1a8341e42a8ab7
                • Instruction ID: db2116bf98c82f73c60b30fe2a5ee28c029685526d65b0288a5ed4f947e8dd5d
                • Opcode Fuzzy Hash: 39f2e59889fcab7978ad0d93632d0787cbd37906c79d3a7b1a1a8341e42a8ab7
                • Instruction Fuzzy Hash: 4D11E036285640AFDB25CF5AD888B567BE4FB85764F004119F9C4CB250C370E840CFA0
                Function 011B4B00 Relevance: .1, Instructions: 57COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 811e41e6ffcddb44a6fceafe1873406d6c429fbf2a4d74230e0712c9c6023906
                • Instruction ID: 0e10ad5f738f158671120b2e3dd61b8eca32f0f610e565cf1aafed316b74f554
                • Opcode Fuzzy Hash: 811e41e6ffcddb44a6fceafe1873406d6c429fbf2a4d74230e0712c9c6023906
                • Instruction Fuzzy Hash: 2D11C6362006119FDB2ADA6DD980FA7BBA5FFC4710F158429E79787A91DB30E802C791
                Function 01116620 Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d926627710ebd97833027d059663d9f15f16a934f26f89fc7a893841265c2e89
                • Instruction ID: 8b69a94d958c6d5b1fd7377b35e4c5f0cd9ab02e6905cfc0d8bad88b669eb5db
                • Opcode Fuzzy Hash: d926627710ebd97833027d059663d9f15f16a934f26f89fc7a893841265c2e89
                • Instruction Fuzzy Hash: 5011C276A00616AFDB25DF59CD80B9EFBB8EF84750F510868DA00A7204D775AD01CB90
                Function 0110EA2E Relevance: .1, Instructions: 56COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 83e0cd83699bda9eeda72c1ec3bb2526893ecb5e9d48dee1c3dfaa8113d6a658
                • Instruction ID: f7a758507eec16dd00908263cc7fb31d5febcb90d563bee44452a8a57d6aad4e
                • Opcode Fuzzy Hash: 83e0cd83699bda9eeda72c1ec3bb2526893ecb5e9d48dee1c3dfaa8113d6a658
                • Instruction Fuzzy Hash: BC019671602109DFC72ADB1AD544F56BBFAEB85314F218579E1058B260C7B09C81CB90
                Function 0110E53E Relevance: .1, Instructions: 55COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction ID: 0e6ee6fc9f5e5ced7acfc71c71cfb7ca58350625493c4901aeba16df355e45f1
                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction Fuzzy Hash: 37114C756026C39FE72B971DD554B6537D4FB00B54F1A08A0EE409B7C2F369C843C211
                Function 0116E75D Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction ID: 4c73048a861311b5a86ec3a77ae3472ff9be0a76b66616555a350ff3c474d673
                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction Fuzzy Hash: CF01263A202905AFE729DF19CC00F967AADEF40B50F058224EA048B160E77BDD60C7D0
                Function 010DA250 Relevance: .1, Instructions: 52COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction ID: 09841d8646acd9a79a29962944b52a94c3ce39dcddafba0b4cb070384fd85538
                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction Fuzzy Hash: 9A01C072605B22DBCB618F1E9840A7A7BE5EB59B707008A6DF9D58B681D731D810CBA0
                Function 011B4940 Relevance: .1, Instructions: 52COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 394243339fcb59fae75a5758d5fe2f655daad3edb616bff02cfd9bd178119cb8
                • Instruction ID: f182b743d8748c1fa1e7d3872b766c09523115ed404978890547e3dbde65cec7
                • Opcode Fuzzy Hash: 394243339fcb59fae75a5758d5fe2f655daad3edb616bff02cfd9bd178119cb8
                • Instruction Fuzzy Hash: F3014E324412019FC73ADF1CC880E96B7A8EB89770B158215E5A69B593F730DC01C7C0
                Function 0115E1D0 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2582a67021e54080d8fcd128d570619acd575d7edef8a5736f3613501354c3f8
                • Instruction ID: 8dd81cfa7377b72af242c875d775bd069334500329eb6291849afe3f81426d35
                • Opcode Fuzzy Hash: 2582a67021e54080d8fcd128d570619acd575d7edef8a5736f3613501354c3f8
                • Instruction Fuzzy Hash: DB118E31641245EFDB19AF19C990F56BBB8FF54B94F100065EA059B661C735ED01CA90
                Function 010E6259 Relevance: .1, Instructions: 51COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2bef51b70a1fe245d2592bf2c201d6c9c842433b30a6a38d9b921fde376a9e13
                • Instruction ID: 493c8dd35c32eb5188fb79de773ad3cde769172ae57079767908c1b0eb3c821e
                • Opcode Fuzzy Hash: 2bef51b70a1fe245d2592bf2c201d6c9c842433b30a6a38d9b921fde376a9e13
                • Instruction Fuzzy Hash: D8115A70541229ABDB69AB64CC52FEDB3B4FB18714F5041D8A318A60E0DB709E91CF84
                Function 01166050 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e49675a9082933611c53c25106e457381f04c790b4be2eff88fef7efc0a5daea
                • Instruction ID: 1f4155237d8c7df0e2948efd6c11883f4d75de3b471bdf0a277b73369fad45fd
                • Opcode Fuzzy Hash: e49675a9082933611c53c25106e457381f04c790b4be2eff88fef7efc0a5daea
                • Instruction Fuzzy Hash: C4111772900119ABCF19DB94CC80EDFBBBCEF48258F044166E916E7211EB35AA55CBA0
                Function 010E208A Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction ID: 9edac0f36915a99852859ea5cb4788e1fa630e2db53308c1f4e41e8ee1508aea
                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction Fuzzy Hash: 8701F5326002018FDF199A6ED884A967BAABFC4700F1545A9FD458F28BDB71C881C390
                Function 01176500 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c65239d2dfe28ee68886b5d1c95331c168dcb506e5c7b37d374a397ecf40e7ba
                • Instruction ID: 50b17629b57e03461eb2371b5c7eef3d517d95cb32f48bdec5c755b335483bff
                • Opcode Fuzzy Hash: c65239d2dfe28ee68886b5d1c95331c168dcb506e5c7b37d374a397ecf40e7ba
                • Instruction Fuzzy Hash: FC110432640546DFE709CF18D800BA6BBB9FB5A344F088159E848CB315D732EC80DBA0
                Function 0116C810 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0707e40cd9626278fbcff08b6f3d3fcaa7ac428622fcc6f56a6d08c23cb64646
                • Instruction ID: 59b9e8bad4365f5339218a32865971278427cd0ca3b3850d5a7dd858e276901f
                • Opcode Fuzzy Hash: 0707e40cd9626278fbcff08b6f3d3fcaa7ac428622fcc6f56a6d08c23cb64646
                • Instruction Fuzzy Hash: 0F1118B1E00219ABCB04DFA9D541AAEBBF8FF58350F10406AE905E7351D774EA11CBA4
                Function 0118EA60 Relevance: .0, Instructions: 50COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dd3c8840de3515fbeb90f4af84791fb6b752e1fcbf86ca08ffdcd64cb33d1451
                • Instruction ID: b3c99129728b5e163a600113b1111d368c67d9d746b2f29e9beaee8cb4f9aa95
                • Opcode Fuzzy Hash: dd3c8840de3515fbeb90f4af84791fb6b752e1fcbf86ca08ffdcd64cb33d1451
                • Instruction Fuzzy Hash: 1B01B1311426119BCB3ABB19844497AFBA9FF91E60B05C42EE6955B611CB31DC42CF91
                Function 010DC020 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction ID: 1ccdb3347442d454573d983d10c1413560619f999b3dd8649200c8a2ad1af784
                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction Fuzzy Hash: 9A01D8321007059FEF26A6A9D940EA77BFDFFC5254F45841DF6868B984DB70E402CB50
                Function 011220F0 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4593e2036ed96051eb53bd361ae73a7744d8e728bba7f706eb332cbce9e24c4d
                • Instruction ID: b3e1a0856b6a2990f9e931f807a4f32d1e5a8bc824917be36a03a4a654fe088d
                • Opcode Fuzzy Hash: 4593e2036ed96051eb53bd361ae73a7744d8e728bba7f706eb332cbce9e24c4d
                • Instruction Fuzzy Hash: 47116D35A0125DEFCB09EF64D851FAE7BB5EF44354F104059E9119B290DB35AE21CB90
                Function 0111E5CF Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 92aac9daa869309a0f8eb687176a9481743557174ec16bf51649f765e0826bd5
                • Instruction ID: 108d9bcd2aa98f03a6bc6d2fee13da7d3ce3b90cd9054a1cf7826ec232165ed1
                • Opcode Fuzzy Hash: 92aac9daa869309a0f8eb687176a9481743557174ec16bf51649f765e0826bd5
                • Instruction Fuzzy Hash: DE01F271201A0ABFC316AB79CD81E97BBACFF946A4B010629B60983951DB74EC11C6E0
                Function 011769C0 Relevance: .0, Instructions: 49COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 72de707b5f3ce2d07bea1edb447576f42a92b2635518d64bf2deb6cfb644dde0
                • Instruction ID: 2a0bfd42ba213728f6f2bc786250f1b979d13d7a7022890f1d9d611084919add
                • Opcode Fuzzy Hash: 72de707b5f3ce2d07bea1edb447576f42a92b2635518d64bf2deb6cfb644dde0
                • Instruction Fuzzy Hash: C9014C32228612DFD32CEF6DD848DA7BBB8FF98660F114129E969872C0E7309911C7D1
                Function 0116C460 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c69af7e6641be8394768102acc29078ac22de19490367d2053258b016856febb
                • Instruction ID: 64f8a92e1efe077f38e0613a72dae8337611eabfc9dd9520b0f39f5edc420174
                • Opcode Fuzzy Hash: c69af7e6641be8394768102acc29078ac22de19490367d2053258b016856febb
                • Instruction Fuzzy Hash: 2B115B71A01209ABDB19EF68C844EAE7BB9EB58354F004059F94197380DB35EA21CB90
                Function 0116C97C Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7327e750d000c381bc00b961a0449ea23d35be02bc6d0946709d0f7ef08d24d1
                • Instruction ID: 51485612d47db1633f33766b8c7669cb5205d7bb50d110e4187323ea45f8bc6b
                • Opcode Fuzzy Hash: 7327e750d000c381bc00b961a0449ea23d35be02bc6d0946709d0f7ef08d24d1
                • Instruction Fuzzy Hash: 051179B16193089FC704DF69D442A9BBBE8EF98310F00451EFA98D7390E730E910CBA6
                Function 0116CA11 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fa036d5b1b0c36a273c199d1006c61fee27e9029c733d97ff32c0afb8279685a
                • Instruction ID: ea2e930977631cb215dc03c83e68e55bb1491b8fa48f8e8edf8ace2833db2561
                • Opcode Fuzzy Hash: fa036d5b1b0c36a273c199d1006c61fee27e9029c733d97ff32c0afb8279685a
                • Instruction Fuzzy Hash: 681157B16193089FC704DF69D441A9BBBE8AF99350F00851EF998D73A0E630E910CBA6
                Function 011B4A80 Relevance: .0, Instructions: 48COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                • Instruction ID: 120da4107166de25f5242b89e5f19dc6ddd58927b2150ca860a0b4134a64b280
                • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                • Instruction Fuzzy Hash: DB01B5362006019FDB29AA69D884ED6B7EAFBC5210F048419E643CBA91DBB0F840C754
                Function 010FE016 Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                • Instruction ID: c4022d90b9255bb3b0e2a031fc6a1d03d6a3c50321d13bf04cd965c953c69d8c
                • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                • Instruction Fuzzy Hash: 4901BC722046849FE32AC62CC908F2A7BD8EB84754F0A00A5FA45CBAA1C778DC80C225
                Function 010D826B Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 177fbd289d74ebe5fc50209c0ab8108585490577b811ea423effe5fc1e7a2487
                • Instruction ID: c820177aa6235d12d3dd1ed7cb46b3f9e949fa9135b9d2628f547acf50008f0c
                • Opcode Fuzzy Hash: 177fbd289d74ebe5fc50209c0ab8108585490577b811ea423effe5fc1e7a2487
                • Instruction Fuzzy Hash: 4D018472B15605EBD71CEB69DD009BE7BB9EF80624F15806AD902A7684EF20D901C691
                Function 0118EB50 Relevance: .0, Instructions: 46COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 940501bae8455b0a9f86752110c2304dc418442107fda7d5d9321e2bc23e0458
                • Instruction ID: a826b4f9c66ab1b012e4586c32f723af8494ee45e3f977a700eb4fd322741297
                • Opcode Fuzzy Hash: 940501bae8455b0a9f86752110c2304dc418442107fda7d5d9321e2bc23e0458
                • Instruction Fuzzy Hash: 6F01F2B1242B01AFD3396F59D901F46BAA8EF54B50F02842EF35A9F790C7B0D881CB54
                Function 010E2582 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e9ac213b44021165a4283c3118eeae151c97c0774c43c4fa32ac6761dd6c300f
                • Instruction ID: 887fc2d7f295afdb7cafe21db1b9b8480d7d282d20e2d7502773ea1c8dccce42
                • Opcode Fuzzy Hash: e9ac213b44021165a4283c3118eeae151c97c0774c43c4fa32ac6761dd6c300f
                • Instruction Fuzzy Hash: 48F0F433A41B25BBC7359F5B8D44F4BBEEDEB84BA0F114028A64697600CA30ED01CBA0
                Function 0110C073 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                • Instruction ID: 60e7c5b9eba4b49394dc3ffe50dd250bf4474308f617813ed142aaae1575aedf
                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                • Instruction Fuzzy Hash: BAF0C2B2A00625ABD329CF4DDC41F57FBEEDBD5A80F048168E655C7224EA71ED04CB90
                Function 010DC310 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                • Instruction ID: b1d0c8632df7cbd585431c6d3161050c4c7c8156804ad2c39d53fccccea326e4
                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                • Instruction Fuzzy Hash: 48F02B73248B339BF736165D8A40BAFAAD58FD1B64F1A407DF2899B244CE648D02D7D0
                Function 011B634F Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 047a98a2d0d068785c322a6b35790fc83b7550b79a10ae4ab82877d11c649e07
                • Instruction ID: d152752ad218b190460105f98a899623c8b7246a93b08f1e91ad9316cdd99162
                • Opcode Fuzzy Hash: 047a98a2d0d068785c322a6b35790fc83b7550b79a10ae4ab82877d11c649e07
                • Instruction Fuzzy Hash: 5C017171E11209ABCB08DFA9D44199EB7F8FF58304F10402AE914E7350D7349A00CBA4
                Function 011B625D Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1de9b405dfb69e138a3afc86bfb9981bee6e9cbe1b9675ab9b5f6e8b19cb78cf
                • Instruction ID: 02979a9df8e9edae6c594bf021b81cd61d69cf30c9a7c9f66d7b189bd46b9fb3
                • Opcode Fuzzy Hash: 1de9b405dfb69e138a3afc86bfb9981bee6e9cbe1b9675ab9b5f6e8b19cb78cf
                • Instruction Fuzzy Hash: 4D017171A10219ABDB08DFA9D4419AEB7F8EF58304F10406AF914E7350D7749A00CBA4
                Function 011B62D6 Relevance: .0, Instructions: 43COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 545ad299c6b38bcdce39caccc7b7b0c4624d775cc4dcb043e2976a65ebf7d37d
                • Instruction ID: 10df842b3e4d1de71fe4b02e41358b5e4270fcfcee5c3bbe6a4a0aef4ad493f8
                • Opcode Fuzzy Hash: 545ad299c6b38bcdce39caccc7b7b0c4624d775cc4dcb043e2976a65ebf7d37d
                • Instruction Fuzzy Hash: 93017171A01209ABCB08DFA9D44199EBBF8EF58304F50402AE914E7390D774DA00CBA4
                Function 0111CA6F Relevance: .0, Instructions: 42COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                • Instruction ID: 7a689336ea21ee1d8249f6e3406cb4404341bad26a8c778077f974b70c05498f
                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                • Instruction Fuzzy Hash: AD01F432240685DBD32B971EE805F9ABF98EF41754F0940B5FE548FAA1E779C800C251
                Function 011B61E5 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7e5f263c42f41bbce09b1bdd2d397763d9f6e73ca539014249aa19823940dc65
                • Instruction ID: 4e9488f7ef88f2478456bf07398831b79d4116881404b169e424873f12720d8d
                • Opcode Fuzzy Hash: 7e5f263c42f41bbce09b1bdd2d397763d9f6e73ca539014249aa19823940dc65
                • Instruction Fuzzy Hash: 8E018F71A01259AFDB08DFA9D441AEEBBF8FF58314F14005AE501AB280D734EA01CBA8
                Function 011663C0 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                • Instruction ID: 9274ef6349c04b721691702ffdcc58f15ca47d055f29c33091ced284b9cbdd6f
                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                • Instruction Fuzzy Hash: BAF0627220001DBFEF019F94CD80DEF7B7DEB58298B104124FA0092060D731DD21E7A0
                Function 0116A4B0 Relevance: .0, Instructions: 40COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b416ef1682e678d704ca26be0f6fa44d27dc51eec7562caeb7a268c31fd91b7
                • Instruction ID: 079e3b9db2692f08dce1c7c8357a5b432ff08e231dde669fd15fa90bd341e8ac
                • Opcode Fuzzy Hash: 4b416ef1682e678d704ca26be0f6fa44d27dc51eec7562caeb7a268c31fd91b7
                • Instruction Fuzzy Hash: 91018536111219ABCF169E84EC40EDA7F6AFF4C664F068111FE2866220C332D9B0EB81
                Function 010DC0F0 Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ee1ef612bd5932d826d375ab5ee6d7ac41db94ecc60853b79d0cbfa8d08805a
                • Instruction ID: 2155566a169c3047536ef3328fbe1a984f69aea52f6ad4565e2b3586a132adf9
                • Opcode Fuzzy Hash: 1ee1ef612bd5932d826d375ab5ee6d7ac41db94ecc60853b79d0cbfa8d08805a
                • Instruction Fuzzy Hash: B1F02B752043615FF7549629CD41B6232D5E7D1650F25806DE7858B2C1E970DC01C3A4
                Function 0111656A Relevance: .0, Instructions: 39COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a8577203b1420fb50af032d992efb3bdfd9362ee6e7bfeffcf8ca5283a2480d
                • Instruction ID: f8c4eae6474b9e66051e607a84d38ac3ea856ca0762e777fb3e0bdb401ee6a4f
                • Opcode Fuzzy Hash: 8a8577203b1420fb50af032d992efb3bdfd9362ee6e7bfeffcf8ca5283a2480d
                • Instruction Fuzzy Hash: 8801A970205A81DBE3AE972CDD48B2977A8BB40B44F450164FE118BAEAE779D441C211
                Function 0118437C Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction ID: 308636b3987efdf4861ea262b840e2032dc0e136dc8284f79e03d71bb1855fac
                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction Fuzzy Hash: 07F0E935749D3357EB7EBA2F9410B2EBA559FA0A00B05852C9E51CBE80DF60D8008F84
                Function 0116E872 Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                • Instruction ID: 0e19b9d5a2cfd12b1752786f7956216b2ab6f1534f3eb86678ade1c4e44f0f7a
                • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                • Instruction Fuzzy Hash: DEF0E9377025129BD739CA4DCC80F16B76CEFD5A60F1A0268AA049F660C361EC11C7D0
                Function 0116C89D Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b3afe121931d6af763eae67fb21a4b12b899834231882be50b50ebaba33b7bf8
                • Instruction ID: 3fbe6ea885e69c86a665ba8a52a16328eae9a060e0e786cf1a6d7b8f59b9d6c6
                • Opcode Fuzzy Hash: b3afe121931d6af763eae67fb21a4b12b899834231882be50b50ebaba33b7bf8
                • Instruction Fuzzy Hash: 94F0A4706193049FC318EF28C441A1BB7E8FF98714F40465EB894DB390E734E910CB96
                Function 01110854 Relevance: .0, Instructions: 35COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                • Instruction ID: ec6dabfd807716f0b14e8c34db6e4b57ca3a006a88d19776bf481f9b1e984271
                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                • Instruction Fuzzy Hash: 7BF09072A14204EEE718DF25CC01F96B6E9EF9C344F158078A945D7164EBB0DD81C754
                Function 0116C912 Relevance: .0, Instructions: 34COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f659f2bb1c407df05656086fb8c70416d86106f5fba70af0c94521c58f7b4073
                • Instruction ID: 1a27a09226f9390e2986ae8946f5f01465e9e2eb378b570a43ccbf927cd61d99
                • Opcode Fuzzy Hash: f659f2bb1c407df05656086fb8c70416d86106f5fba70af0c94521c58f7b4073
                • Instruction Fuzzy Hash: 72F04470A012499FCB08EF69D515A5EB7B4EF18304F404059A955EB385DA38DA11CB94
                Function 010E47FB Relevance: .0, Instructions: 33COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5d96162ccd310e9d3874a1d55679e45ae661ed372d1ed8291dcb43a4c0b118e8
                • Instruction ID: 96df5116d1f380c2fd08763e0a783a01c6f8bb6f33b74be9a903690a1a148c4d
                • Opcode Fuzzy Hash: 5d96162ccd310e9d3874a1d55679e45ae661ed372d1ed8291dcb43a4c0b118e8
                • Instruction Fuzzy Hash: B2F02E319162E58FE7B2CF6EC25CB69BBC49B00A20F0889AAD5C9C3502C338D880C640
                Function 011A0115 Relevance: .0, Instructions: 32COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 77c571539d9a5d5335b198e6f9f3df7fa984e0a62ab1ce158394f2174efed9af
                • Instruction ID: b78c67d356bcb72de88cc9285f57d4afe969a5f8955c7e0deba6c7df90f053f6
                • Opcode Fuzzy Hash: 77c571539d9a5d5335b198e6f9f3df7fa984e0a62ab1ce158394f2174efed9af
                • Instruction Fuzzy Hash: 61F0557E81B6C10ACF3E6B3C78A03D53F64A74A118F8A1099E8B067206C774E8C3C720
                Function 0111C5ED Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ef0a46fd30a94fbd1627efa64cefe3e2d988d44e35d5b650dcef5977927125c0
                • Instruction ID: f1cb54f464c91ee56ed52b74184c3bb56289b44129d138c57c026f5c74337281
                • Opcode Fuzzy Hash: ef0a46fd30a94fbd1627efa64cefe3e2d988d44e35d5b650dcef5977927125c0
                • Instruction Fuzzy Hash: 0AF052714892509FE33A871CC048B55FBE49B807A0F09AC35C40A83B06C334E880CAC1
                Function 01122619 Relevance: .0, Instructions: 31COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction ID: 09b2dd244bee9a9298480b7e27388dba713e5de36b5645914138c8c3eb1cef8b
                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction Fuzzy Hash: 3AE0D8723006112BE7259E599CC0F577B6EDFD6B14F04007DFA045F251CAE6DC2982A4
                Function 01176030 Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction ID: 960100257b5d064dfa9f8208d2eea16a2e861c919ae76ba5263b7b93bc4d9834
                • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction Fuzzy Hash: 9CF06572104604DFF72A8F09DD44F52BBF8EB15364F56C029E6099B661D379EC40CBA4
                Function 0040AD92 Relevance: .0, Instructions: 29COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2368050884.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_400000_L3pFsxNFICpBGmi.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c38ce1dd0c07f42bb45fd7ccedfabef34fddec63f21a891ba6680d1266b1b2ec
                • Instruction ID: 31cbab978d5e566f3fe512243cdaaeb165f4d98ec79ddd0593aa2f2a6445fc38
                • Opcode Fuzzy Hash: c38ce1dd0c07f42bb45fd7ccedfabef34fddec63f21a891ba6680d1266b1b2ec
                • Instruction Fuzzy Hash: 6FF0557245D39D0ACB46CB38AD022453FA29C9297077C83EA9E508B3D2E625082783C2
                Function 010E0710 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction ID: 0ac4d6ed598ae01e217fdacb2ffda49b0da24b826fb7cc4b81ee5ea5ac7d1506
                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction Fuzzy Hash: 53F0E539704341DFDB1ADF1AD050A997BE4FB41360B000054F8C28B341D775E982DB50
                Function 011149D0 Relevance: .0, Instructions: 28COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction ID: da77727d14050c0c04a73daee74b1f1d38c0de8358006015555551de42f83650
                • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction Fuzzy Hash: 6DE0D833244645ABD3295E59A801B66FBA5DBD4FA0F170439E242CB954DB70DC40C7D8
                Function 011B4164 Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1349f7063ce16951b8add1227c912b0b5e2e9b8a755b125b360fde4999749f63
                • Instruction ID: a606a3388c9a14687961243f9ae4adba56455b5ffb03a1e328e44819b791c5d3
                • Opcode Fuzzy Hash: 1349f7063ce16951b8add1227c912b0b5e2e9b8a755b125b360fde4999749f63
                • Instruction Fuzzy Hash: 7CF0A035E265918FE77AD72CE1C0BD177E0AB10620F1A8554D44687D13C324EC41C650
                Function 0118678E Relevance: .0, Instructions: 27COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction ID: f24c6dc120853a2c688b1e232fb19fb27c5b8c86d3e8d06a259cb9ca35f8bdf5
                • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction Fuzzy Hash: 7FE0DF32A00510BBDF25A7998D02F9ABEACDBA4FA0F054064B600E70D4E630DE00CAD0
                Function 011B08C0 Relevance: .0, Instructions: 25COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                • Instruction ID: d2b9ecece32218e8c7c9766f27916e8d8190ab9736af6d3eee6ebfca18a5f401
                • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                • Instruction Fuzzy Hash: D8E09B31A403509FCB299A1DD180AD3B7F8DF99664F15847DEA0547612C331F942C6D0
                Function 010E25E0 Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 46f8e5503fc61abd9fe3b127cc0960a795852ecb722d8502e2b2c9309fa3d42e
                • Instruction ID: f4a08cd9acac6547d744070ee8025b96db5a1886cfc112dbe8ca340e6cbe0af2
                • Opcode Fuzzy Hash: 46f8e5503fc61abd9fe3b127cc0960a795852ecb722d8502e2b2c9309fa3d42e
                • Instruction Fuzzy Hash: 2AE092321005549FC725BF2ADD05FDA77DAEB64364F014529F155971A0CB34A850C7C4
                Function 0119A456 Relevance: .0, Instructions: 23COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                • Instruction ID: 14a350969e54e3dead944469b18379d477607d24ebbef36dfa73900369df997d
                • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                • Instruction Fuzzy Hash: 40E09231010612DFEB3A6F2AD808B52BAE0BF50715F188C2CE1A6034B0C7B498D4CA80
                Function 01164000 Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction ID: 1056ae5f6171f8b7342a8b550918178abccdebfe9df98aa4c6e069a74b870083
                • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                • Instruction Fuzzy Hash: F4E0C2343003168FE719CF19C040BA27BBABFD5A10F28C068A9488F705EB33E852CB40
                Function 0111CA38 Relevance: .0, Instructions: 22COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7c98caa7a65ee3b3060465c0ebc98da8c3d86c434bfce13957ee3ce82746fc20
                • Instruction ID: 8f75d7b300c752e7d020142f23506e3e2cfc67493c1aafa096d6228ae93df522
                • Opcode Fuzzy Hash: 7c98caa7a65ee3b3060465c0ebc98da8c3d86c434bfce13957ee3ce82746fc20
                • Instruction Fuzzy Hash: 66D02B334C20306ACB3FF5187C04FD37A599B64360F024870F108D2014E754CCC182C4
                Function 010D823B Relevance: .0, Instructions: 21COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction ID: 2e7ad6140a72a177aea004af68be012c4aa317eb7127fe800e357633f3db598e
                • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                • Instruction Fuzzy Hash: 2CE0C231104B25EFDB362F19DC01F6976A5FFA4B20F11882AE0C10A4A48774AC91CB44
                Function 010E2050 Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ed3c6b3c486a126b093954276d617a49149cc0e5976daade93f9a7b72d57b34e
                • Instruction ID: baf911dd16b36f81b45ea4d4ebde4db02ea38e869c93438dd50401dbeb947323
                • Opcode Fuzzy Hash: ed3c6b3c486a126b093954276d617a49149cc0e5976daade93f9a7b72d57b34e
                • Instruction Fuzzy Hash: F9E08C32201454ABC611FA5EDD11F9A739EEBA4260F010225B1909B6A0CA24AC40C794
                Function 01118A90 Relevance: .0, Instructions: 20COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction ID: 071411251430566694d7d65c40609c8b598244c5422ed4c44e678b1367f3075d
                • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                • Instruction Fuzzy Hash: 5AE08633111A1487C72CDE18D511B72B7A4EF45720F09863EA61347784C634E544C795
                Function 0111E59C Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction ID: e37ddcd058f84b4722db3ce0e8c2ebccb389581d4b7d9117c084aabb41fd3dfd
                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                • Instruction Fuzzy Hash: E1D0A932204628ABDB72AA1CFC00FC333E8BB88760F060459B018CB050C364AC81CA84
                Function 0115E908 Relevance: .0, Instructions: 16COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction ID: e2ab59cc02d9b3b8b47967588d50c7f3e6be7f15f2d9d46357afbcd1a76c1483
                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                • Instruction Fuzzy Hash: E1E08C31900688DFCF56DF59C640F8AFBF4BB84B00F150008A5485B620C324A900CB80
                Function 010DA0E3 Relevance: .0, Instructions: 15COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction ID: 395bcd73005e137757e5d8f3c7aa9cd98910a114188b921b5d24905466bd6c89
                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                • Instruction Fuzzy Hash: 46D02233312031D7CF2856656810FA76D05AF80AA0F0A006C350A93800C0088C82C2E0
                Function 0111A830 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction ID: 2402da1110fdc286e15f019e0990d5a37c9695555a8392d6b804675478a522b8
                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                • Instruction Fuzzy Hash: 0AD012371D054DBBCB119F66DC02F957BA9E764BA0F454020B6048B5A0C63AE950D684
                Function 0111CA24 Relevance: .0, Instructions: 14COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1dd2895028625c87c8e8b6acb52c5a98da7f85ff6bcc21edd6f4bba454d1dfaf
                • Instruction ID: 29c950299cd5143695fa23c853b79cc0663fb3c989a9298f6af7573ef9eb1112
                • Opcode Fuzzy Hash: 1dd2895028625c87c8e8b6acb52c5a98da7f85ff6bcc21edd6f4bba454d1dfaf
                • Instruction Fuzzy Hash: 7CD05E3164A006CBDF1FCB09C510B6A7A70EB10640B40007CEB5051420E328D801C680
                Function 0111C700 Relevance: .0, Instructions: 12COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction ID: bd0f5e60cfe655e4ab0648d5265cf26ad44fb3543e6ddfb2cad8630022cc0ab0
                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                • Instruction Fuzzy Hash: 33C01232150648AFC7119A95CD01F4177A9E798B50F010021F3044B570C535E810D684
                Function 01100310 Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction ID: a09e862bb376ef165799286c96bbd6e5924195090d7cf1f89f1a70845e7be035
                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                • Instruction Fuzzy Hash: F3D01236100248EFCB06DF41C890E9A772AFBD8750F108019FD190B750CA71ED62DA50
                Function 010E0750 Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction ID: e033b41a20641f6fbcad6c5b36cea29eb4a0980f82cc768cbdb77213de22aa9e
                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                • Instruction Fuzzy Hash: D4C04C757016418FCF15DB19D294F4977E4F744750F150890E945CBB21E724E801CA10
                Function 01124340 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c5cc69c25075c9fa8f7bce03d7a9508cc7091992c66f41b87b3841e4f5f34689
                • Instruction ID: c8d3632fff74ff7d5c712df55252ff86bf7b0536f30fb0c1f84676b7864e1a7e
                • Opcode Fuzzy Hash: c5cc69c25075c9fa8f7bce03d7a9508cc7091992c66f41b87b3841e4f5f34689
                • Instruction Fuzzy Hash: FC900231605800129544725849845465015A7E0301B55C111F0429554CCB148A576361
                Function 01124650 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 95e15a2a2f8c728f0d0b5d37e456aa1870213aa06fbae41fbc1c60473df32aa9
                • Instruction ID: ba7300798770eb82af8684ecd37aabbc84d5ebf7fc76f1f58fe042e73a080b1a
                • Opcode Fuzzy Hash: 95e15a2a2f8c728f0d0b5d37e456aa1870213aa06fbae41fbc1c60473df32aa9
                • Instruction Fuzzy Hash: 17900261601500424544725849044067015A7E1301395C215B0559560CC7188956A369
                Function 01122B60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 61836e97ad0cbf163ac07236349381f3a9a7d457a9d9acdf7c319f4a461f73a8
                • Instruction ID: 505b9d8c3e52544a30161f268202c9d280ed9e0321c7438c4a947b5a3ed3b874
                • Opcode Fuzzy Hash: 61836e97ad0cbf163ac07236349381f3a9a7d457a9d9acdf7c319f4a461f73a8
                • Instruction Fuzzy Hash: C690026120240003450972584514616501A97E0201B55C121F1019590DC62589927225
                Function 01122B80 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fe2de2be41359ad52decc957f605d9defb84e7af210e7026f5eabb60b2b6843c
                • Instruction ID: edce89c7b0bd539298b0f26bdd5b46ad4cee2daec7bf18bd07b50208243b737a
                • Opcode Fuzzy Hash: fe2de2be41359ad52decc957f605d9defb84e7af210e7026f5eabb60b2b6843c
                • Instruction Fuzzy Hash: 5090023120140802D50872584904686101597D0301F55C111B6029655ED76589927231
                Function 01122BA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1093a9514a90eb479c3c3e4e1c97110d15ecffacc7806a139a20c2a7bf6cb337
                • Instruction ID: a8553cf7e0979ab0907f8f14b5639c00ff5b49db5896a7b18cc6430de55ed54f
                • Opcode Fuzzy Hash: 1093a9514a90eb479c3c3e4e1c97110d15ecffacc7806a139a20c2a7bf6cb337
                • Instruction Fuzzy Hash: 6090023160540802D55472584514746101597D0301F55C111B0029654DC7558B5677A1
                Function 01122BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1a54f745310233c381e2af6e1d6ccc057262e46ef4ed502b4d2a6cd7917bf787
                • Instruction ID: 9002e8d83a9bcfb0b063e707ecfb049778a2d3d92dc55f3767e8f5b2626d153e
                • Opcode Fuzzy Hash: 1a54f745310233c381e2af6e1d6ccc057262e46ef4ed502b4d2a6cd7917bf787
                • Instruction Fuzzy Hash: 4490023120140802D5847258450464A101597D1301F95C115B002A654DCB158B5A77A1
                Function 01122BE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f37a7fa38c0c62fa80eeed91ce7d3b9f87e998fbdbaa19cc9813825266188f08
                • Instruction ID: f82cb79d8ed7c04eb51f578cebb9ad3c46a3f9bbf5d53a7d01f7216b1286e281
                • Opcode Fuzzy Hash: f37a7fa38c0c62fa80eeed91ce7d3b9f87e998fbdbaa19cc9813825266188f08
                • Instruction Fuzzy Hash: E190023120544842D54472584504A46102597D0305F55C111B0069694DD7258E56B761
                Function 01122AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ed33fe8f617c3330c7433af8ce96222e7294a41fef343f65b9db0f54db52132d
                • Instruction ID: 09b884d827357e036ff21b600d7808bb2a3eb1ef350f52b6031bb3f3dad804c3
                • Opcode Fuzzy Hash: ed33fe8f617c3330c7433af8ce96222e7294a41fef343f65b9db0f54db52132d
                • Instruction Fuzzy Hash: E79002A1201540924904B3588504B0A551597E0201B55C116F1059560CC6258952A235
                Function 01122AD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 951bb3ed24817e5cc779210af338af8f26589de90b4a5f6fd5dac357d4bfe541
                • Instruction ID: fe9a3c548edc3ba96fd897ef46601e43e0981d593ee60aa457612591398613cc
                • Opcode Fuzzy Hash: 951bb3ed24817e5cc779210af338af8f26589de90b4a5f6fd5dac357d4bfe541
                • Instruction Fuzzy Hash: CD900225211400030509B6580704507105697D5351355C121F101A550CD72189626221
                Function 01122AF0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7a96276282620a7d596092b4a91380ab79f348f705d43dc9e57d3bba4ddbee4b
                • Instruction ID: 791f388acb80579dfb16823327cc5c0fc5ae717e6f987542bf75f7d393099522
                • Opcode Fuzzy Hash: 7a96276282620a7d596092b4a91380ab79f348f705d43dc9e57d3bba4ddbee4b
                • Instruction Fuzzy Hash: 5A900225221400020549B658070450B1455A7D6351395C115F141B590CC72189666321
                Function 01122D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a795bc495812bde3e0fc9795c838309abcf81f4cc157675064116cedff123cf8
                • Instruction ID: 8d564a5ad7009dd637767af9d6acd3d7923d19125ebcb3cbbd60065324f6e673
                • Opcode Fuzzy Hash: a795bc495812bde3e0fc9795c838309abcf81f4cc157675064116cedff123cf8
                • Instruction Fuzzy Hash: D890022921340002D5847258550860A101597D1202F95D515B001A558CCA15896A6321
                Function 01122D00 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 54e92b2038cfd0aaf66c15068ca892c3d170c53108376cb0030b78d111f59347
                • Instruction ID: cf9480a6c4990da29c87b83518579bf07b7570f625ed28c1953e99595408b5ad
                • Opcode Fuzzy Hash: 54e92b2038cfd0aaf66c15068ca892c3d170c53108376cb0030b78d111f59347
                • Instruction Fuzzy Hash: FA90022120544442D50476585508A06101597D0205F55D111B1069595DC7358952B231
                Function 01122D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a5e8a86e94dffcf58d2a839962cd2eafff6a87ceb2078f9ed777b8012163af36
                • Instruction ID: c83016d5564f4a75183b852abcdef8bd209f53bd54884b5223bfe0af94205072
                • Opcode Fuzzy Hash: a5e8a86e94dffcf58d2a839962cd2eafff6a87ceb2078f9ed777b8012163af36
                • Instruction Fuzzy Hash: EC90022130140003D544725855186065015E7E1301F55D111F0419554CDA1589576322
                Function 01122DB0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 30d448eaf55e00fabdf3e1bfd868902564dbd63f02d08b8ab1691f7f02bae438
                • Instruction ID: fc66499530c9f3f3f686a5d950aa9c4fdb9eda602239733b8d1c8ecb13a2960e
                • Opcode Fuzzy Hash: 30d448eaf55e00fabdf3e1bfd868902564dbd63f02d08b8ab1691f7f02bae438
                • Instruction Fuzzy Hash: 1190023124140402D545725845046061019A7D0241F95C112B0429554EC7558B57BB61
                Function 01122DD0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b8adf9a2d0e7ad91bb7b05d03543695bbfc072c0f598a113b1f2492abd4341d7
                • Instruction ID: 2a25d83f32d339427fa11ad794eea1aa375fd95d2761ab462bd092d80b41740f
                • Opcode Fuzzy Hash: b8adf9a2d0e7ad91bb7b05d03543695bbfc072c0f598a113b1f2492abd4341d7
                • Instruction Fuzzy Hash: 73900221242441525949B25845045075016A7E0241795C112B1419950CC6269957E721
                Function 01122C60 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e512248a5c922da6e032cf67b62ab6e48ee963d3077cd7ba47bd912b79da2b5
                • Instruction ID: ebfde6ba96d2d913593cc40c9a9cbfe777380316116104fbea2a1454fe7863f8
                • Opcode Fuzzy Hash: 5e512248a5c922da6e032cf67b62ab6e48ee963d3077cd7ba47bd912b79da2b5
                • Instruction Fuzzy Hash: F490023120140842D50472584504B46101597E0301F55C116B0129654DC715C9527621
                Function 01122CA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 50f97da7f2ddfd2e2d54f72ad24b7da44db8fcf68d034c500a1b69be39cc7c55
                • Instruction ID: 713f75fb12a0a64b79bc65ff0bfa875ae95f2e176ba19aed0129c6942c856735
                • Opcode Fuzzy Hash: 50f97da7f2ddfd2e2d54f72ad24b7da44db8fcf68d034c500a1b69be39cc7c55
                • Instruction Fuzzy Hash: 1D90023120140402D50476985508646101597E0301F55D111B5029555EC76589927231
                Function 01122CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 69dd40b7851e268521bbb3429e662fc674155528042e85aeaf7b38ded5c80a9f
                • Instruction ID: 2569e9a48c3650ef838e24831272894dfa19aae212a1611355e92dc4ea9dc95a
                • Opcode Fuzzy Hash: 69dd40b7851e268521bbb3429e662fc674155528042e85aeaf7b38ded5c80a9f
                • Instruction Fuzzy Hash: 2990022160540402D54472585518706102597D0201F55D111B0029554DC7598B5677A1
                Function 01122CF0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d41c16fe4ccc4b2e13dbd56afd0270d7f56183dc28e3fa2d958cb1dc77443e98
                • Instruction ID: 21ea8ae24a102b0dbde3c29e0786a257ffd9d4a72039e317812104b7929131d7
                • Opcode Fuzzy Hash: d41c16fe4ccc4b2e13dbd56afd0270d7f56183dc28e3fa2d958cb1dc77443e98
                • Instruction Fuzzy Hash: 3E90023120140403D50472585608707101597D0201F55D511B0429558DD75689527221
                Function 01122F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: efa36d3617d63f8221cbc65e6d631fd29ad0513a689b6d97c773f1629720ea35
                • Instruction ID: 383a0bbd69c38f3c9921849085b73a02c8dc928e5529a819e8f329c6d6c90032
                • Opcode Fuzzy Hash: efa36d3617d63f8221cbc65e6d631fd29ad0513a689b6d97c773f1629720ea35
                • Instruction Fuzzy Hash: 7990026134140442D50472584514B061015D7E1301F55C115F1069554DC719CD537226
                Function 01122F60 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 134cefada03e52d3cad42426ed0764cc34e668806a0d3de2fe408b785e2b845e
                • Instruction ID: 71227181ca39ca40eea03106fee76463b4d920534f58fc2fd55f5a1f5bd161d9
                • Opcode Fuzzy Hash: 134cefada03e52d3cad42426ed0764cc34e668806a0d3de2fe408b785e2b845e
                • Instruction Fuzzy Hash: 9690026121140042D50872584504706105597E1201F55C112B2159554CC6298D626225
                Function 01122F90 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5f211320b54e7e7c8453c121357bf925873456074e2bb461925ad2d369ab680c
                • Instruction ID: 9aa3756ae966fd197ef13c09d3569f9e8bca14617e164dba50b3b883d3211ef5
                • Opcode Fuzzy Hash: 5f211320b54e7e7c8453c121357bf925873456074e2bb461925ad2d369ab680c
                • Instruction Fuzzy Hash: CC90023120180402D5047258491470B101597D0302F55C111B1169555DC72589527671
                Function 01122FB0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 98895d2d8b02a5578851adf942847111d155d21a814647727dfc2c9f80a8f43d
                • Instruction ID: cb72f41feaaf53630dbd08be87b5f4c99dcd532bbea32f663734af484f4c9597
                • Opcode Fuzzy Hash: 98895d2d8b02a5578851adf942847111d155d21a814647727dfc2c9f80a8f43d
                • Instruction Fuzzy Hash: 5B900221601400424544726889449065015BBE1211755C221B099D550DC65989666765
                Function 01122FA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a84bcf77c23056cdf75e8719cbea7e636d4528ad058a701d8434929e8184d888
                • Instruction ID: 7220b99666c90cbff2a6915217fe5954957548a6dcbf91e0e6aac464ef7baef3
                • Opcode Fuzzy Hash: a84bcf77c23056cdf75e8719cbea7e636d4528ad058a701d8434929e8184d888
                • Instruction Fuzzy Hash: F590023120180402D50472584908747101597D0302F55C111B5169555EC765C9927631
                Function 01122FE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1628122504cbdfc071e0cd4bcf133a6b7f77c82d1c454cd3a138a3172d2fd93f
                • Instruction ID: bd7970df9662b0d6d222ca49c487562dff2256d72461d0984430c6edb2d3fd5a
                • Opcode Fuzzy Hash: 1628122504cbdfc071e0cd4bcf133a6b7f77c82d1c454cd3a138a3172d2fd93f
                • Instruction Fuzzy Hash: A7900221211C0042D60476684D14B07101597D0303F55C215B0159554CCA1589626621
                Function 01122E30 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c983adfcceb406411874b3f7fe0162f5f1b8af25c73e20319f3eddffe1aaa416
                • Instruction ID: 5687dbda7fbcee2960db96d88cf7c3306c527c3e73d322567bd9750467d2256d
                • Opcode Fuzzy Hash: c983adfcceb406411874b3f7fe0162f5f1b8af25c73e20319f3eddffe1aaa416
                • Instruction Fuzzy Hash: 0E90022130140402D506725845146061019D7D1345F95C112F1429555DC7258A53B232
                Function 01122E80 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a69942340cd2169772523caa9b7f927d17b1414d4b087a13e42272c783958162
                • Instruction ID: 8003b64f0dc9d752dabc93af2f9886fb6f4775165420a7a0cf9a361fa1f4c415
                • Opcode Fuzzy Hash: a69942340cd2169772523caa9b7f927d17b1414d4b087a13e42272c783958162
                • Instruction Fuzzy Hash: DE90022160140502D50572584504616101A97D0241F95C122B1029555ECB258A93B231
                Function 01122EA0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1ec496814098b1f15d684bda1b39c9045e908d03cf8bb22e11b14d410d793423
                • Instruction ID: a34b08e7fbc540839e25b7cefcb727a7151413a356cd60702d72e7e738594d22
                • Opcode Fuzzy Hash: 1ec496814098b1f15d684bda1b39c9045e908d03cf8bb22e11b14d410d793423
                • Instruction Fuzzy Hash: 1B90027120140402D54472584504746101597D0301F55C111B5069554EC7598ED67765
                Function 01122EE0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 30ca6e966dc458a2916f6d536af1b20f91dd818f6bccf3e4824aff97192afb34
                • Instruction ID: e807342d2a1b8b11a4fca19a2c9a4b18b0509fc8ef8af3204d1d055e024c1cd3
                • Opcode Fuzzy Hash: 30ca6e966dc458a2916f6d536af1b20f91dd818f6bccf3e4824aff97192afb34
                • Instruction Fuzzy Hash: 1190026120180403D54476584904607101597D0302F55C111B2069555ECB298D527235
                Function 01123010 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b55be87c74bae159a0817de5cee0d97a6d79591f733b944cd6653dc0604dd0a
                • Instruction ID: 604137c19ccb20da6d58de65e8028b590d87d61a9d4b9bace4adf1f947678754
                • Opcode Fuzzy Hash: 0b55be87c74bae159a0817de5cee0d97a6d79591f733b944cd6653dc0604dd0a
                • Instruction Fuzzy Hash: 2D90022120184442D54473584904B0F511597E1202F95C119B415B554CCA1589566721
                Function 01123090 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 85d967234c11fcf6564e4f4c0273f033de02a7ab8591f56f53e617d3d4851241
                • Instruction ID: 34556c01216f848d73309f172040eff93043feb1a1dee33804dcf34bfef0768d
                • Opcode Fuzzy Hash: 85d967234c11fcf6564e4f4c0273f033de02a7ab8591f56f53e617d3d4851241
                • Instruction Fuzzy Hash: 4090022124140802D544725885147071016D7D0601F55C111B0029554DC7168A6677B1
                Function 011239B0 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dcfa0622158bdc18373be59527d0ea22c1039160bc3435ddf0373cc0c399f491
                • Instruction ID: 525b0f1733da42c9c53f71f954c20d27710312d81fd7fe1d10d58e40cae845da
                • Opcode Fuzzy Hash: dcfa0622158bdc18373be59527d0ea22c1039160bc3435ddf0373cc0c399f491
                • Instruction Fuzzy Hash: 1D90022124545102D554725C45046165015B7E0201F55C121B0819594DC65589567321
                Function 01123D10 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d57f8fe117c3b41a6b1ad7d66abcf8ed7735d057733822a4f9c0f4342061abff
                • Instruction ID: 4391c8840cc17950f8bf585dffee1b022dbf6b871abdaffa815e6c243babc7c6
                • Opcode Fuzzy Hash: d57f8fe117c3b41a6b1ad7d66abcf8ed7735d057733822a4f9c0f4342061abff
                • Instruction Fuzzy Hash: D990023120240142994473585904A4E511597E1302B95D515B001A554CCA1489626321
                Function 01123D70 Relevance: .0, Instructions: 4COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fa79d25c18d892a68700167fc2d9c24d6dc84b232b4cf9c69892b01b5b6fec7f
                • Instruction ID: fad826390608d1e0167fe631d3c8683cfb470ff836eab1d5d9857e9b26670fa1
                • Opcode Fuzzy Hash: fa79d25c18d892a68700167fc2d9c24d6dc84b232b4cf9c69892b01b5b6fec7f
                • Instruction Fuzzy Hash: 9890023520140402D91472585904646105697D0301F55D511B0429558DC75489A2B221
                Function 01122C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction ID: 726dc3782ba95212aeee1c4feb99d10722fa7f8f076b9c77ed02509e58077ced
                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction Fuzzy Hash:
                Function 01122890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: 73f8554a2f80d86eecd88ccfd1e9c1cb3b3e3e86d30db7f6c9506b490d94f51c
                • Instruction ID: 3d1ab1ba42d3431bbace9a878765e3c2ec3461b4770cc69a7c9e42c2311879bf
                • Opcode Fuzzy Hash: 73f8554a2f80d86eecd88ccfd1e9c1cb3b3e3e86d30db7f6c9506b490d94f51c
                • Instruction Fuzzy Hash: 135109B1B00126BFCF29DB9C889097EFBF8BF482447548269F4A5D7641E374DE1087A1
                Function 01192410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: 22f5b67358be5399412d6b3c00cba0a68fb2447cf8282f89a19c25004e090812
                • Instruction ID: 4af8b2a2434a88bb43fca54fa4326a60ac054a9ec30caf1723cb62b906145b03
                • Opcode Fuzzy Hash: 22f5b67358be5399412d6b3c00cba0a68fb2447cf8282f89a19c25004e090812
                • Instruction Fuzzy Hash: 2151F6B1A00645BEDF38DF9DC8909BFB7F8EB48200B048459E5E6C7682D7B4EA008760
                Function 01117630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                Download Yara Rule
                Strings
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01154742
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01154655
                • ExecuteOptions, xrefs: 011546A0
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011546FC
                • Execute=1, xrefs: 01154713
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01154725
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01154787
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                • Opcode ID: b62a733d8bacb3c67bbeb7fd711880aeeaf6f14040fa31e7600235bd2275db53
                • Instruction ID: 0fa7c9ae14c101c3b8694d3a4167c824a32976ab190ba8cbbe49be4c4d372df4
                • Opcode Fuzzy Hash: b62a733d8bacb3c67bbeb7fd711880aeeaf6f14040fa31e7600235bd2275db53
                • Instruction Fuzzy Hash: DD515D31A0021ABAEF1DAB69EC95FADB7A8EF14304F0404BDD605A72C1E7719A51CF51
                Function 011B6940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                • Instruction ID: ca467a4b960a3fa463a4856181c72118d84cf26875d4b8a8350ab5b930d76bb8
                • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                • Instruction Fuzzy Hash: EF021671508342AFD709DF28C590AAFBBE5EFD8704F04892DF9894B2A4DB31E945CB52
                Function 0112B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-$0$0
                • API String ID: 1302938615-699404926
                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction ID: f72e83b349979a8b038303e0979368c591869f61fed0101d9e1838481a82a22d
                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction Fuzzy Hash: 5981E170E096698EEF2DCF6CC8917FEBBB2AF45320F184119D861A72D1C7748860CB59
                Function 011920E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$[$]:%u
                • API String ID: 48624451-2819853543
                • Opcode ID: de887844b1defb5c13ae3e5784e2e8b64c73c9cf2e150cda7c2f61ab0288d8b6
                • Instruction ID: 4f0681a665998c7d34f6e753b86dae1aabe6749c6c7083e80edf2994465f52c3
                • Opcode Fuzzy Hash: de887844b1defb5c13ae3e5784e2e8b64c73c9cf2e150cda7c2f61ab0288d8b6
                • Instruction Fuzzy Hash: 022177BAE00119ABDF14DF79DC40AFEBBF8EF58654F050126E915D7200E730D9118BA1
                Function 0110F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                Download Yara Rule
                Strings
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011502BD
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011502E7
                • RTL: Re-Waiting, xrefs: 0115031E
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                • Opcode ID: 596f54e163a619f22dbc22ffc312e134d04d47a17846073b275aee00aa5527a1
                • Instruction ID: 0e3ca7e340adb57b129b39efdd2025a12675ec487963de9496a22730d85b86da
                • Opcode Fuzzy Hash: 596f54e163a619f22dbc22ffc312e134d04d47a17846073b275aee00aa5527a1
                • Instruction Fuzzy Hash: DDE1A130A08742DFD76ECF68C885B5ABBE0BB88314F144A1DF5A58B2D1D7B4D946CB42
                Function 0111BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                Download Yara Rule
                Strings
                • RTL: Resource at %p, xrefs: 01157B8E
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01157B7F
                • RTL: Re-Waiting, xrefs: 01157BAC
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                • Opcode ID: 041842e0af9738b10ae8564eeeb457c3ace4a25b3530dd156926609255c11026
                • Instruction ID: b8df556e2a93bc6356c54828ee51f75de5279588097722c21b58e25e1c528936
                • Opcode Fuzzy Hash: 041842e0af9738b10ae8564eeeb457c3ace4a25b3530dd156926609255c11026
                • Instruction Fuzzy Hash: F841E3317097039FD728DE29C841B6AB7E5EF98710F000A2DF95ADB680DB31E4058B96
                Function 0111B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                Download Yara Rule
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0115728C
                Strings
                • RTL: Resource at %p, xrefs: 011572A3
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01157294
                • RTL: Re-Waiting, xrefs: 011572C1
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                • Opcode ID: 9a4dcc55e6b462d43865b238f94d4aad28dd1f7194c8472959f12922367580ef
                • Instruction ID: e5a82a78f0b6df71ded3b4a7bf4f223c29679e8d08e5fa7578a84f63592764e2
                • Opcode Fuzzy Hash: 9a4dcc55e6b462d43865b238f94d4aad28dd1f7194c8472959f12922367580ef
                • Instruction Fuzzy Hash: 17410331744212ABC728CE29CC42B6AB7B5FF94754F10462DFD65EB680DB31E8128BD5
                Function 01192300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$]:%u
                • API String ID: 48624451-3050659472
                • Opcode ID: a370d51291e8b8bf0d479132aef3d422e671239b94eb7c2deaf434db33380f5a
                • Instruction ID: 4a875d2562026139d69b883f7d162896232d4ee1bbed73cbe44902b85593a3e5
                • Opcode Fuzzy Hash: a370d51291e8b8bf0d479132aef3d422e671239b94eb7c2deaf434db33380f5a
                • Instruction Fuzzy Hash: 66316872A00219AFDF24DF2DDC41BEE77F8EB58614F444555E959D3140EB30AA548BA0
                Function 01127D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-
                • API String ID: 1302938615-2137968064
                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction ID: 6edff4a55947dd07c507ca1f02c1e297abcda4f189ef5f39e8c7d466d288e6db
                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction Fuzzy Hash: 7891D771E042369BDB2CDF6DC891ABFBBA5EF54320F14451AE965E72C0D73089608762
                Function 010E9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280
                • Opcode ID: 58cdb5e6479e536e6969b74e1e3850060bc6f05d7ee3880eb5434fc14691d63a
                • Instruction ID: b05b8ee1f58ccb7a8672c7f47d30d6338c30eff4811ba7912c051eba972032e8
                • Opcode Fuzzy Hash: 58cdb5e6479e536e6969b74e1e3850060bc6f05d7ee3880eb5434fc14691d63a
                • Instruction Fuzzy Hash: 02811A71D012699BDB35CB54CC45BEEBBB8AF48754F0041EAEA19B7280D7709E84CFA0
                Function 0116CEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                Download Yara Rule
                APIs
                • @_EH4_CallFilterFunc@8.LIBCMT ref: 0116CFBD
                Strings
                Memory Dump Source
                • Source File: 00000007.00000002.2369047392.00000000010B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010B0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_7_2_10b0000_L3pFsxNFICpBGmi.jbxd
                Similarity
                • API ID: CallFilterFunc@8
                • String ID: @$@4Cw@4Cw
                • API String ID: 4062629308-3101775584
                • Opcode ID: 7731115c55b04d96d53016c21578823bd3081cf9b88d007725b3ec99bc439724
                • Instruction ID: 62598e99d08b40419cc07e79aa87da9e3cd9ab7f26e954fbc6998550b0602748
                • Opcode Fuzzy Hash: 7731115c55b04d96d53016c21578823bd3081cf9b88d007725b3ec99bc439724
                • Instruction Fuzzy Hash: FA41E4B1A01219DFCF299F99D940AADBBB8FF54B00F00402EEA50DB254D775C850CB62

                Execution Graph

                Execution Coverage:9.8%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:0%
                Total number of Nodes:201
                Total number of Limit Nodes:8
                execution_graph 27621 7a844f8 27622 7a84683 27621->27622 27623 7a8451e 27621->27623 27623->27622 27625 7a84058 27623->27625 27626 7a84778 PostMessageW 27625->27626 27627 7a847e4 27626->27627 27627->27623 27374 7a815e9 27375 7a81605 27374->27375 27376 7a816ec 27374->27376 27380 7a82e50 27375->27380 27402 7a82eb6 27375->27402 27425 7a82e41 27375->27425 27381 7a82e6a 27380->27381 27382 7a82e72 27381->27382 27447 7a83587 27381->27447 27452 7a83a64 27381->27452 27457 7a833e4 27381->27457 27462 7a83843 27381->27462 27467 7a83220 27381->27467 27475 7a8376f 27381->27475 27480 7a83ace 27381->27480 27486 7a8352a 27381->27486 27491 7a8380a 27381->27491 27499 7a83889 27381->27499 27507 7a83856 27381->27507 27511 7a83954 27381->27511 27516 7a83453 27381->27516 27521 7a834b0 27381->27521 27525 7a83290 27381->27525 27530 7a832ff 27381->27530 27535 7a83a7e 27381->27535 27543 7a8343e 27381->27543 27548 7a835de 27381->27548 27382->27376 27403 7a82e44 27402->27403 27405 7a82eb9 27402->27405 27404 7a82e72 27403->27404 27406 7a83889 2 API calls 27403->27406 27407 7a8380a 2 API calls 27403->27407 27408 7a8352a 2 API calls 27403->27408 27409 7a83ace 2 API calls 27403->27409 27410 7a8376f 2 API calls 27403->27410 27411 7a83220 4 API calls 27403->27411 27412 7a83843 2 API calls 27403->27412 27413 7a833e4 2 API calls 27403->27413 27414 7a83a64 2 API calls 27403->27414 27415 7a83587 2 API calls 27403->27415 27416 7a835de 2 API calls 27403->27416 27417 7a8343e 2 API calls 27403->27417 27418 7a83a7e 2 API calls 27403->27418 27419 7a832ff 2 API calls 27403->27419 27420 7a83290 2 API calls 27403->27420 27421 7a834b0 2 API calls 27403->27421 27422 7a83453 2 API calls 27403->27422 27423 7a83954 2 API calls 27403->27423 27424 7a83856 2 API calls 27403->27424 27404->27376 27405->27376 27406->27404 27407->27404 27408->27404 27409->27404 27410->27404 27411->27404 27412->27404 27413->27404 27414->27404 27415->27404 27416->27404 27417->27404 27418->27404 27419->27404 27420->27404 27421->27404 27422->27404 27423->27404 27424->27404 27426 7a82e50 27425->27426 27427 7a83889 2 API calls 27426->27427 27428 7a8380a 2 API calls 27426->27428 27429 7a8352a 2 API calls 27426->27429 27430 7a83ace 2 API calls 27426->27430 27431 7a8376f 2 API calls 27426->27431 27432 7a83220 4 API calls 27426->27432 27433 7a82e72 27426->27433 27434 7a83843 2 API calls 27426->27434 27435 7a833e4 2 API calls 27426->27435 27436 7a83a64 2 API calls 27426->27436 27437 7a83587 2 API calls 27426->27437 27438 7a835de 2 API calls 27426->27438 27439 7a8343e 2 API calls 27426->27439 27440 7a83a7e 2 API calls 27426->27440 27441 7a832ff 2 API calls 27426->27441 27442 7a83290 2 API calls 27426->27442 27443 7a834b0 2 API calls 27426->27443 27444 7a83453 2 API calls 27426->27444 27445 7a83954 2 API calls 27426->27445 27446 7a83856 2 API calls 27426->27446 27427->27433 27428->27433 27429->27433 27430->27433 27431->27433 27432->27433 27433->27376 27434->27433 27435->27433 27436->27433 27437->27433 27438->27433 27439->27433 27440->27433 27441->27433 27442->27433 27443->27433 27444->27433 27445->27433 27446->27433 27448 7a83566 27447->27448 27449 7a83c43 27448->27449 27552 7a80fd8 27448->27552 27556 7a80fd5 27448->27556 27449->27382 27453 7a83a71 27452->27453 27560 7a80ee0 27453->27560 27564 7a80ee8 27453->27564 27454 7a83b7c 27458 7a83405 27457->27458 27568 7a80c98 27458->27568 27572 7a80ca0 27458->27572 27459 7a83984 27463 7a83405 27462->27463 27465 7a80c98 ResumeThread 27463->27465 27466 7a80ca0 ResumeThread 27463->27466 27464 7a83984 27465->27464 27466->27464 27468 7a8323d 27467->27468 27576 7a81170 27468->27576 27580 7a81164 27468->27580 27469 7a83c85 27469->27382 27470 7a83271 27471 7a80d48 Wow64SetThreadContext 27470->27471 27472 7a80d50 Wow64SetThreadContext 27470->27472 27471->27469 27472->27469 27476 7a8329c 27475->27476 27476->27475 27584 7a80d48 27476->27584 27588 7a80d50 27476->27588 27477 7a83c85 27477->27382 27481 7a83adb 27480->27481 27482 7a8396f 27480->27482 27484 7a80c98 ResumeThread 27482->27484 27485 7a80ca0 ResumeThread 27482->27485 27483 7a83984 27484->27483 27485->27483 27487 7a83530 27486->27487 27488 7a83c43 27487->27488 27489 7a80fd8 ReadProcessMemory 27487->27489 27490 7a80fd5 ReadProcessMemory 27487->27490 27488->27382 27489->27487 27490->27487 27495 7a80d48 Wow64SetThreadContext 27491->27495 27496 7a80d50 Wow64SetThreadContext 27491->27496 27492 7a83809 27492->27491 27493 7a8329c 27492->27493 27497 7a80d48 Wow64SetThreadContext 27493->27497 27498 7a80d50 Wow64SetThreadContext 27493->27498 27494 7a83c85 27494->27382 27495->27492 27496->27492 27497->27494 27498->27494 27500 7a83809 27499->27500 27502 7a8329c 27499->27502 27500->27499 27503 7a80d48 Wow64SetThreadContext 27500->27503 27504 7a80d50 Wow64SetThreadContext 27500->27504 27501 7a83c85 27501->27382 27505 7a80d48 Wow64SetThreadContext 27502->27505 27506 7a80d50 Wow64SetThreadContext 27502->27506 27503->27500 27504->27500 27505->27501 27506->27501 27592 7a80e28 27507->27592 27596 7a80e21 27507->27596 27508 7a83874 27512 7a8396f 27511->27512 27514 7a80c98 ResumeThread 27512->27514 27515 7a80ca0 ResumeThread 27512->27515 27513 7a83984 27514->27513 27515->27513 27517 7a8329c 27516->27517 27519 7a80d48 Wow64SetThreadContext 27517->27519 27520 7a80d50 Wow64SetThreadContext 27517->27520 27518 7a83c85 27518->27382 27519->27518 27520->27518 27523 7a80ee8 WriteProcessMemory 27521->27523 27524 7a80ee0 WriteProcessMemory 27521->27524 27522 7a834d4 27523->27522 27524->27522 27527 7a8329c 27525->27527 27526 7a83c85 27526->27382 27528 7a80d48 Wow64SetThreadContext 27527->27528 27529 7a80d50 Wow64SetThreadContext 27527->27529 27528->27526 27529->27526 27532 7a8329c 27530->27532 27531 7a83c85 27531->27382 27533 7a80d48 Wow64SetThreadContext 27532->27533 27534 7a80d50 Wow64SetThreadContext 27532->27534 27533->27531 27534->27531 27536 7a83a84 27535->27536 27537 7a839cd 27536->27537 27541 7a80fd8 ReadProcessMemory 27536->27541 27542 7a80fd5 ReadProcessMemory 27536->27542 27538 7a83c43 27537->27538 27539 7a80fd8 ReadProcessMemory 27537->27539 27540 7a80fd5 ReadProcessMemory 27537->27540 27538->27382 27539->27537 27540->27537 27541->27537 27542->27537 27544 7a8329c 27543->27544 27546 7a80d48 Wow64SetThreadContext 27544->27546 27547 7a80d50 Wow64SetThreadContext 27544->27547 27545 7a83c85 27545->27382 27546->27545 27547->27545 27550 7a80ee8 WriteProcessMemory 27548->27550 27551 7a80ee0 WriteProcessMemory 27548->27551 27549 7a8360c 27549->27382 27550->27549 27551->27549 27553 7a81023 ReadProcessMemory 27552->27553 27555 7a81067 27553->27555 27555->27448 27557 7a80fdc ReadProcessMemory 27556->27557 27559 7a81067 27557->27559 27559->27448 27561 7a80ee5 WriteProcessMemory 27560->27561 27563 7a80f87 27561->27563 27563->27454 27565 7a80f30 WriteProcessMemory 27564->27565 27567 7a80f87 27565->27567 27567->27454 27569 7a80ca0 ResumeThread 27568->27569 27571 7a80d11 27569->27571 27571->27459 27573 7a80ce0 ResumeThread 27572->27573 27575 7a80d11 27573->27575 27575->27459 27577 7a811f9 CreateProcessA 27576->27577 27579 7a813bb 27577->27579 27581 7a81170 CreateProcessA 27580->27581 27583 7a813bb 27581->27583 27585 7a80d95 Wow64SetThreadContext 27584->27585 27587 7a80ddd 27585->27587 27587->27477 27589 7a80d95 Wow64SetThreadContext 27588->27589 27591 7a80ddd 27589->27591 27591->27477 27593 7a80e68 VirtualAllocEx 27592->27593 27595 7a80ea5 27593->27595 27595->27508 27597 7a80e28 VirtualAllocEx 27596->27597 27599 7a80ea5 27597->27599 27599->27508 27600 16a4960 27601 16a4972 27600->27601 27602 16a497e 27601->27602 27604 16a4a70 27601->27604 27605 16a4a95 27604->27605 27609 16a4b80 27605->27609 27613 16a4b71 27605->27613 27610 16a4ba7 27609->27610 27611 16a4c84 27610->27611 27617 16a4888 27610->27617 27611->27611 27614 16a4b80 27613->27614 27615 16a4c84 27614->27615 27616 16a4888 CreateActCtxA 27614->27616 27616->27615 27618 16a6010 CreateActCtxA 27617->27618 27620 16a60d3 27618->27620

                Executed Functions

                Function 07600448 Relevance: 2.6, Instructions: 2604COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2367645582.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7600000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 437c237a1cf53d4c40a5bcc04213853c2d62d7aa37219fcf4adfbb7213fe5045
                • Instruction ID: 47c8cf27007713214f17b58d471fa5b6afa8cf7af12be26cd3c230b9477393b7
                • Opcode Fuzzy Hash: 437c237a1cf53d4c40a5bcc04213853c2d62d7aa37219fcf4adfbb7213fe5045
                • Instruction Fuzzy Hash: CB43D3B4A00219CFDB68DF68C898A9EB7B2BF49310F158195D54A973A5DB30EDC1CF90
                Function 07A81164 Relevance: 1.8, APIs: 1, Instructions: 252processCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 770 7a81164-7a81205 773 7a8123e-7a8125e 770->773 774 7a81207-7a81211 770->774 781 7a81260-7a8126a 773->781 782 7a81297-7a812c6 773->782 774->773 775 7a81213-7a81215 774->775 776 7a81238-7a8123b 775->776 777 7a81217-7a81221 775->777 776->773 779 7a81223 777->779 780 7a81225-7a81234 777->780 779->780 780->780 783 7a81236 780->783 781->782 784 7a8126c-7a8126e 781->784 790 7a812c8-7a812d2 782->790 791 7a812ff-7a813b9 CreateProcessA 782->791 783->776 786 7a81270-7a8127a 784->786 787 7a81291-7a81294 784->787 788 7a8127c 786->788 789 7a8127e-7a8128d 786->789 787->782 788->789 789->789 792 7a8128f 789->792 790->791 793 7a812d4-7a812d6 790->793 802 7a813bb-7a813c1 791->802 803 7a813c2-7a81448 791->803 792->787 795 7a812d8-7a812e2 793->795 796 7a812f9-7a812fc 793->796 797 7a812e4 795->797 798 7a812e6-7a812f5 795->798 796->791 797->798 798->798 800 7a812f7 798->800 800->796 802->803 813 7a81458-7a8145c 803->813 814 7a8144a-7a8144e 803->814 816 7a8146c-7a81470 813->816 817 7a8145e-7a81462 813->817 814->813 815 7a81450 814->815 815->813 819 7a81480-7a81484 816->819 820 7a81472-7a81476 816->820 817->816 818 7a81464 817->818 818->816 821 7a81496-7a8149d 819->821 822 7a81486-7a8148c 819->822 820->819 823 7a81478 820->823 824 7a8149f-7a814ae 821->824 825 7a814b4 821->825 822->821 823->819 824->825 827 7a814b5 825->827 827->827
                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07A813A6
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: c526eea7208b7f7d793b81b1e6efb192247aba19c6a0976c8515baa3bab79bcd
                • Instruction ID: 8bfac1b114d63c139ec8b793868e76cafb41e84920c764d375b257392636e30a
                • Opcode Fuzzy Hash: c526eea7208b7f7d793b81b1e6efb192247aba19c6a0976c8515baa3bab79bcd
                • Instruction Fuzzy Hash: 70A16FB1D0021EDFEB64DFA8D840BEDBBB2BF44310F148169E815A7240EB759986CF91
                Function 07A81170 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 828 7a81170-7a81205 830 7a8123e-7a8125e 828->830 831 7a81207-7a81211 828->831 838 7a81260-7a8126a 830->838 839 7a81297-7a812c6 830->839 831->830 832 7a81213-7a81215 831->832 833 7a81238-7a8123b 832->833 834 7a81217-7a81221 832->834 833->830 836 7a81223 834->836 837 7a81225-7a81234 834->837 836->837 837->837 840 7a81236 837->840 838->839 841 7a8126c-7a8126e 838->841 847 7a812c8-7a812d2 839->847 848 7a812ff-7a813b9 CreateProcessA 839->848 840->833 843 7a81270-7a8127a 841->843 844 7a81291-7a81294 841->844 845 7a8127c 843->845 846 7a8127e-7a8128d 843->846 844->839 845->846 846->846 849 7a8128f 846->849 847->848 850 7a812d4-7a812d6 847->850 859 7a813bb-7a813c1 848->859 860 7a813c2-7a81448 848->860 849->844 852 7a812d8-7a812e2 850->852 853 7a812f9-7a812fc 850->853 854 7a812e4 852->854 855 7a812e6-7a812f5 852->855 853->848 854->855 855->855 857 7a812f7 855->857 857->853 859->860 870 7a81458-7a8145c 860->870 871 7a8144a-7a8144e 860->871 873 7a8146c-7a81470 870->873 874 7a8145e-7a81462 870->874 871->870 872 7a81450 871->872 872->870 876 7a81480-7a81484 873->876 877 7a81472-7a81476 873->877 874->873 875 7a81464 874->875 875->873 878 7a81496-7a8149d 876->878 879 7a81486-7a8148c 876->879 877->876 880 7a81478 877->880 881 7a8149f-7a814ae 878->881 882 7a814b4 878->882 879->878 880->876 881->882 884 7a814b5 882->884 884->884
                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07A813A6
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: 5a4382361c8f05d1f47ac291a281c84453be9c7df484bd7f1b1f34f585b9b3f0
                • Instruction ID: a326ed196bf355ace15557fb20338706464d1b7db7738cb28ca078d9628f665b
                • Opcode Fuzzy Hash: 5a4382361c8f05d1f47ac291a281c84453be9c7df484bd7f1b1f34f585b9b3f0
                • Instruction Fuzzy Hash: E8916EB1D0025EDFEB64DFA9C840BDDBBB2BF44310F148169E819A7240EB749986CF91
                Function 016A6004 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 902 16a6004-16a600b 903 16a6010-16a60d1 CreateActCtxA 902->903 905 16a60da-16a6134 903->905 906 16a60d3-16a60d9 903->906 913 16a6143-16a6147 905->913 914 16a6136-16a6139 905->914 906->905 915 16a6158 913->915 916 16a6149-16a6155 913->916 914->913 918 16a6159 915->918 916->915 918->918
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 016A60C1
                Memory Dump Source
                • Source File: 00000009.00000002.2282993534.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_16a0000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: 37a94042d141bc8b430126d380807310ac4640d93dcea0a5c9c7587ee82a3a67
                • Instruction ID: 2bab8d1fabd8365e87ef32b3c0a59905ddcb2e26f15ab1f58906fadebbb04d28
                • Opcode Fuzzy Hash: 37a94042d141bc8b430126d380807310ac4640d93dcea0a5c9c7587ee82a3a67
                • Instruction Fuzzy Hash: E441DEB0C00719CEEB24DFA9C844B8EBBF5FF88304F64816AD508AB251DBB56945CF90
                Function 016A4888 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 885 16a4888-16a60d1 CreateActCtxA 888 16a60da-16a6134 885->888 889 16a60d3-16a60d9 885->889 896 16a6143-16a6147 888->896 897 16a6136-16a6139 888->897 889->888 898 16a6158 896->898 899 16a6149-16a6155 896->899 897->896 901 16a6159 898->901 899->898 901->901
                APIs
                • CreateActCtxA.KERNEL32(?), ref: 016A60C1
                Memory Dump Source
                • Source File: 00000009.00000002.2282993534.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_16a0000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: c283d17d05be2956f004587fd2b3d4cc9348f47b73a0042451cc28ebf83e2723
                • Instruction ID: 3296718e7018e14ead6e42b18885f1d890179ca9134031b2b98581cdfc6dccd3
                • Opcode Fuzzy Hash: c283d17d05be2956f004587fd2b3d4cc9348f47b73a0042451cc28ebf83e2723
                • Instruction Fuzzy Hash: 1041CDB0C00719CFEB24DFA9C844B9EBBF5EB88304F64816AD509AB251DBB56945CF90
                Function 07A80EE0 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 919 7a80ee0-7a80f36 923 7a80f38-7a80f44 919->923 924 7a80f46-7a80f85 WriteProcessMemory 919->924 923->924 926 7a80f8e-7a80fbe 924->926 927 7a80f87-7a80f8d 924->927 927->926
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07A80F78
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                • Opcode ID: 706f66ff58fd42aa07b994650f164602d3db05f405684227a89249e8df12e7ab
                • Instruction ID: 574938380010b02c2fbf73bfbe6e4ff4bac0629d52e3dbc7f85d24f5d34d8c2a
                • Opcode Fuzzy Hash: 706f66ff58fd42aa07b994650f164602d3db05f405684227a89249e8df12e7ab
                • Instruction Fuzzy Hash: 7E216BB69003599FDB10DFA9D8817DEBBF5FF88310F108429E928A7250C7789944CBA5
                Function 07A80EE8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 931 7a80ee8-7a80f36 933 7a80f38-7a80f44 931->933 934 7a80f46-7a80f85 WriteProcessMemory 931->934 933->934 936 7a80f8e-7a80fbe 934->936 937 7a80f87-7a80f8d 934->937 937->936
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07A80F78
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                • Opcode ID: 5e6fd09d7bfe56d646cdc75053c1536d961aadf46958d0c9cbbffce814901fc7
                • Instruction ID: 52d029b27f6339f10060ff8a29e0d749dd078adecb9f398a70d2a40ab720d7c7
                • Opcode Fuzzy Hash: 5e6fd09d7bfe56d646cdc75053c1536d961aadf46958d0c9cbbffce814901fc7
                • Instruction Fuzzy Hash: FC2127B2900349DFDB10DFA9C881BDEBBF5FF88310F108429E919A7250D7799954CBA5
                Function 07A80D48 Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 941 7a80d48-7a80d9b 943 7a80dab-7a80ddb Wow64SetThreadContext 941->943 944 7a80d9d-7a80da9 941->944 946 7a80ddd-7a80de3 943->946 947 7a80de4-7a80e14 943->947 944->943 946->947
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07A80DCE
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: 3c47b202529cedef7d2ae26b2d911e59c7bd5cafd121821433a1f82b6012f9df
                • Instruction ID: 6031c0dcf0f7d12ac2efbf1a5b92d692364f790e0d045c5fe5a1d20194284496
                • Opcode Fuzzy Hash: 3c47b202529cedef7d2ae26b2d911e59c7bd5cafd121821433a1f82b6012f9df
                • Instruction Fuzzy Hash: FF2149B1D003099FDB50DFAAC4857EEBBF4EF88310F14842AD969A7240C778A945CFA4
                Function 07A80FD8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 961 7a80fd8-7a81065 ReadProcessMemory 964 7a8106e-7a8109e 961->964 965 7a81067-7a8106d 961->965 965->964
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07A81058
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                • Opcode ID: 779a4327d30a66b32e56d21271e69dd1c87d9260e2ec766a8f53022a2878a190
                • Instruction ID: 24141a8c9900f492a9a153b0afcffbcbf8b101f57d1b01d71dc57d47876fd21f
                • Opcode Fuzzy Hash: 779a4327d30a66b32e56d21271e69dd1c87d9260e2ec766a8f53022a2878a190
                • Instruction Fuzzy Hash: E52128B1900349DFDB10DFAAC881AEEBBF5FF48310F108429E929A7240C7799901CBA4
                Function 07A80D50 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 951 7a80d50-7a80d9b 953 7a80dab-7a80ddb Wow64SetThreadContext 951->953 954 7a80d9d-7a80da9 951->954 956 7a80ddd-7a80de3 953->956 957 7a80de4-7a80e14 953->957 954->953 956->957
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07A80DCE
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                • Opcode ID: 92e9930f967d78931386398a49feda2db08f5cd354291b74f44f5bb7c503f2b9
                • Instruction ID: 2114d3df12487b38b13f98d1b3049f6426bb530a93be1bd2c858a1a8ec0399d8
                • Opcode Fuzzy Hash: 92e9930f967d78931386398a49feda2db08f5cd354291b74f44f5bb7c503f2b9
                • Instruction Fuzzy Hash: 8A2138B19003099FDB50DFAAC4857EEBBF4EF88310F14842AD959A7240C778A945CFA4
                Function 07A80FD5 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 969 7a80fd5-7a81065 ReadProcessMemory 973 7a8106e-7a8109e 969->973 974 7a81067-7a8106d 969->974 974->973
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07A81058
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                • Opcode ID: d09840fea093239fe2d3d2dceb3309cf31b4caa54a925ebbf1756ab34b2073ca
                • Instruction ID: d3334cb1c440380826a0703efb5c56aa333e628a57d88f639bf203038f2444e7
                • Opcode Fuzzy Hash: d09840fea093239fe2d3d2dceb3309cf31b4caa54a925ebbf1756ab34b2073ca
                • Instruction Fuzzy Hash: F62128B1D00349DFDB10DFAAD8816EEBBF5FF48310F14842AE529A7250C7799501CBA4
                Function 07A80E21 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 978 7a80e21-7a80ea3 VirtualAllocEx 982 7a80eac-7a80ed1 978->982 983 7a80ea5-7a80eab 978->983 983->982
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07A80E96
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: 2611879b7cc0ae675bbdc79d91a19cc77196a4bc37e3cb5abbf989caf64f2579
                • Instruction ID: afd23f398c6e72c4c96d0fc5e0b136beafaa7f0261f0b4aff94b4e5139d60ecf
                • Opcode Fuzzy Hash: 2611879b7cc0ae675bbdc79d91a19cc77196a4bc37e3cb5abbf989caf64f2579
                • Instruction Fuzzy Hash: 44118C7690024DDFDB10DFAAD8407EFBBF5EF88320F10841AE515A7210C7369500CBA0
                Function 07A80E28 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 996 7a80e28-7a80ea3 VirtualAllocEx 999 7a80eac-7a80ed1 996->999 1000 7a80ea5-7a80eab 996->1000 1000->999
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07A80E96
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: e36984e43611057d94e6480ee1277a4cf517fbccc77115719dd0ab697ebca454
                • Instruction ID: 8d7f3cd8a5ff127c438f52a1910b8367ab25a0d410778c767ca0de9bf659051f
                • Opcode Fuzzy Hash: e36984e43611057d94e6480ee1277a4cf517fbccc77115719dd0ab697ebca454
                • Instruction Fuzzy Hash: 451137B2900249DFDB10DFAAD845BDFBBF5EF88310F14881AE529A7250C7799944CFA4
                Function 07A80C98 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 987 7a80c98-7a80d0f ResumeThread 991 7a80d18-7a80d3d 987->991 992 7a80d11-7a80d17 987->992 992->991
                APIs
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: 4275d5645f4d8afce22f816129b65475d494c1dd048d36a79ecbaa41d39722c3
                • Instruction ID: f4c0760ab7b2d44ee842d148df3d3490b41e9b56265a20bc705cbed181ac21b6
                • Opcode Fuzzy Hash: 4275d5645f4d8afce22f816129b65475d494c1dd048d36a79ecbaa41d39722c3
                • Instruction Fuzzy Hash: 771158B1D003498FDB20DFAAD4457EFFBF4EF88620F248419D519A7240CB79A945CBA5
                Function 07A80CA0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1004 7a80ca0-7a80d0f ResumeThread 1007 7a80d18-7a80d3d 1004->1007 1008 7a80d11-7a80d17 1004->1008 1008->1007
                APIs
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                • Opcode ID: d46f94dbc810379b3ca8c744d00efa423891f360c0d1e08d52753c5804b5581d
                • Instruction ID: 78c17faab368d5331316ca1cfac901600397f833a7efd7d592bc5a8d8bcde885
                • Opcode Fuzzy Hash: d46f94dbc810379b3ca8c744d00efa423891f360c0d1e08d52753c5804b5581d
                • Instruction Fuzzy Hash: 931125B1D003498FDB20DFAAD4457EFFBF4AF88620F248419D519A7240CB79A944CBA4
                Function 07A84058 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 1012 7a84058-7a847e2 PostMessageW 1014 7a847eb-7a847ff 1012->1014 1015 7a847e4-7a847ea 1012->1015 1015->1014
                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 07A847D5
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                • Opcode ID: 50bb09fedf14c728c22ec67962df2ea5551eacb9778bc4a27122d409176303f2
                • Instruction ID: 3b8afcac9e2b4232f1325bad0d1ee75edbfb48bd1320a3882b4e709c96964c75
                • Opcode Fuzzy Hash: 50bb09fedf14c728c22ec67962df2ea5551eacb9778bc4a27122d409176303f2
                • Instruction Fuzzy Hash: 1D1106B5800349DFDB50DF9AD884BDEBBF8EB48310F108459E919A7300C375A944CFA5
                Function 07A84771 Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                Download Yara Rule
                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 07A847D5
                Memory Dump Source
                • Source File: 00000009.00000002.2367944071.0000000007A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07A80000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7a80000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                • Opcode ID: 2ace4391f4641930a22a349dcd6fa60b2e62c70d8de0b4e8d4665d4a079e0273
                • Instruction ID: 3e7f631ba6ca675b18707f5526835051a4d7dbc88084708744539ad10aebc196
                • Opcode Fuzzy Hash: 2ace4391f4641930a22a349dcd6fa60b2e62c70d8de0b4e8d4665d4a079e0273
                • Instruction Fuzzy Hash: 0C11F5B5800749DFDB10DF9AD484BDEBFF8EB48310F108459E559A7210C375A544CFA5
                Function 07603678 Relevance: .2, Instructions: 205COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2367645582.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7600000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2d44f889647f160c16213a2474b3d7a80a7c4813eadbabd771f2b20bfb711160
                • Instruction ID: aa7772c34f8eef9bcec29b3da2cba6fcfbb449fd57cfd8b36320f5af99b9ae95
                • Opcode Fuzzy Hash: 2d44f889647f160c16213a2474b3d7a80a7c4813eadbabd771f2b20bfb711160
                • Instruction Fuzzy Hash: B2812474600601CFC745EF78C894AAABBE6FF89310B1185ACE55ACB365EF30AD45CB91
                Function 07603688 Relevance: .2, Instructions: 198COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2367645582.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7600000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0eb35b424ebbf5cc57627e74bb96141925aa7b2c7882400561e65ef5539977c8
                • Instruction ID: 1510365b797bf6295bd6431d705d2cc70224733b2694334bfc55455aac6b29a9
                • Opcode Fuzzy Hash: 0eb35b424ebbf5cc57627e74bb96141925aa7b2c7882400561e65ef5539977c8
                • Instruction Fuzzy Hash: 2E811474600601CFD745EF78C894AAABBE6FF89310B1085ACE55ACB364EF70AD45CB91
                Function 07604561 Relevance: .1, Instructions: 126COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2367645582.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7600000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a5798d54a9f2e099479084b30397c9700b8a729b87cac7cdc23e59678af451e0
                • Instruction ID: 6fae42f1ee6f82be719e2fcbb1286548c26cf4b11f7df5b5980dd5ec51a76e5e
                • Opcode Fuzzy Hash: a5798d54a9f2e099479084b30397c9700b8a729b87cac7cdc23e59678af451e0
                • Instruction Fuzzy Hash: FF4181F4928595CFC728CF5AD4849BABFB8FF4F300F019494D55AAB296EB319412CB80
                Function 076047C0 Relevance: .1, Instructions: 121COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2367645582.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7600000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bc3c234c7b4f13bb8db235c88f42deda23f6d1f00991eca82201670f94860358
                • Instruction ID: cc7c6b23e5d0da056f6f5c09e436cec1df1d103325a5ba0380b297bbf0a80478
                • Opcode Fuzzy Hash: bc3c234c7b4f13bb8db235c88f42deda23f6d1f00991eca82201670f94860358
                • Instruction Fuzzy Hash: FA413CB5E152899BDB24CFA9D8409EEBBB9EB0B210F005925E606E7391DA30D941CF90
                Function 07604570 Relevance: .1, Instructions: 114COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2367645582.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7600000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 606d651cc565ae32f7b81e564999dd8287bda2fbffd586541352666823bb6b70
                • Instruction ID: 0d80b9dcef4f398dfb7098a1341ee231ab0c3128f9bf6dbf55161059bd6b3df4
                • Opcode Fuzzy Hash: 606d651cc565ae32f7b81e564999dd8287bda2fbffd586541352666823bb6b70
                • Instruction Fuzzy Hash: 8E417BF4928159CFD728CF56C4849BABFB8BB4F300F419890D55AAB256EB31D8128B40
                Function 076046B0 Relevance: .1, Instructions: 90COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2367645582.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7600000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 686f5db13e7407f17b1043282875fcbc298d1bb5467cd26b080af49b90427d92
                • Instruction ID: a1679a986f92fb58bfc9bcfcd1a028574ab9d48bac76b7ad9a6279c953437ec0
                • Opcode Fuzzy Hash: 686f5db13e7407f17b1043282875fcbc298d1bb5467cd26b080af49b90427d92
                • Instruction Fuzzy Hash: 00315CB492425ACFCB64CF6AD5859BFBFF8BB0B200B505050D54AE3355EB30D921CB91
                Function 0163D1D4 Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2259505127.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_163d000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ca49be5b473568b3f1d81281cc8516c12e5f1116078fe9ead442eef59b0fcb83
                • Instruction ID: 92da97495860316ff0828f3f87d4e4782a634624836d4b38b55f94e2531039b8
                • Opcode Fuzzy Hash: ca49be5b473568b3f1d81281cc8516c12e5f1116078fe9ead442eef59b0fcb83
                • Instruction Fuzzy Hash: EF214671504200EFDB05DF98DDC0B26BBA5FBC4324F60C5ADEA494B382C336D816CA61
                Function 0163D0EC Relevance: .1, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2259505127.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_163d000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e033b2d4d8d4ccef17746b3e9757b63f0d14196c4541cbe3f19677a6756cad3a
                • Instruction ID: 21edf9eb7e496c3f1079ca7ec5186c5c47af2567a0d4f615d4931ffb5dda1d6c
                • Opcode Fuzzy Hash: e033b2d4d8d4ccef17746b3e9757b63f0d14196c4541cbe3f19677a6756cad3a
                • Instruction Fuzzy Hash: 542134B1604200EFDB05DF58DDC0B16BB65FBC4315F60C56DE9094B386C37AD806CAA1
                Function 07606614 Relevance: .1, Instructions: 70COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2367645582.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7600000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c52c737105e38c9cfb6837d25cb9dcfbdd54c424cca87a6bb852b0db0c9e3ebf
                • Instruction ID: 4266785b96e37905a83b269f9c1abe35fa3ff20e4b5bad08390507ead8d1ed8b
                • Opcode Fuzzy Hash: c52c737105e38c9cfb6837d25cb9dcfbdd54c424cca87a6bb852b0db0c9e3ebf
                • Instruction Fuzzy Hash: E03103B0D11218DFDB24CFA9D988BCEBFF4AB48714F20842AE405BB280D7B55845CFA5
                Function 07606460 Relevance: .1, Instructions: 62COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2367645582.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7600000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8cab77b53b77d2ee0f7c85f267fc077d1dcf2c6df6aff1bec89b24b176c6320a
                • Instruction ID: 2957a944723780f87549690b76fd385b2b25199c9ddb8d328682841321f75fff
                • Opcode Fuzzy Hash: 8cab77b53b77d2ee0f7c85f267fc077d1dcf2c6df6aff1bec89b24b176c6320a
                • Instruction Fuzzy Hash: 4511E3B1A003568B8B1ADB79DC405BFBBF6EBC5260714892DE456D7380EF308D0587A1
                Function 0163D0E7 Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2259505127.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_163d000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 266c387f8ae13a1d97c860eeb2b613950a144f769af30e4a24cccb1e8c5eac3e
                • Instruction ID: ada15c9eb60ecfee4aa2da9e23d94fb312d910c304e4e63c8908f5f2c9074655
                • Opcode Fuzzy Hash: 266c387f8ae13a1d97c860eeb2b613950a144f769af30e4a24cccb1e8c5eac3e
                • Instruction Fuzzy Hash: A211BB76904280DFDB06CF54D9C0B15BFA2FB84214F24C6A9D8094B396C33AD40ACBA1
                Function 0163D1CF Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2259505127.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_163d000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 266c387f8ae13a1d97c860eeb2b613950a144f769af30e4a24cccb1e8c5eac3e
                • Instruction ID: b08f02d164fe07956347823110157c79187393378596586e8cfbddd223b35303
                • Opcode Fuzzy Hash: 266c387f8ae13a1d97c860eeb2b613950a144f769af30e4a24cccb1e8c5eac3e
                • Instruction Fuzzy Hash: 8611BB75904280DFCB06CF54D9C0B15BBA1FB84224F24C6A9D9494B397C33AD41ACB61
                Function 0161D759 Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2246156091.000000000161D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0161D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_161d000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ea185228fbe237a82384daccfa87fb9d6258714f701dbcb0cd991a89c3a63e5
                • Instruction ID: 3090fb9c2822dcefc52e36e7b88843c5d08dd9cfccb0775cfea48b6d60714c76
                • Opcode Fuzzy Hash: 5ea185228fbe237a82384daccfa87fb9d6258714f701dbcb0cd991a89c3a63e5
                • Instruction Fuzzy Hash: BE01DB71005384EAF7105A59DD88B77FFD8DF41720F1CC51AEE494A38AC7799841C6B1
                Function 07607749 Relevance: .0, Instructions: 37COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2367645582.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7600000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9f6265d82b232895892d4f8c72bae4a31742c3ed7f970fa6a8f8bf7706d1318
                • Instruction ID: ac3455368feeb74bd0a07799bc4126dc428c3aadffadebfba37e744c6d181dee
                • Opcode Fuzzy Hash: f9f6265d82b232895892d4f8c72bae4a31742c3ed7f970fa6a8f8bf7706d1318
                • Instruction Fuzzy Hash: 99F09A72604208BFCF09CF64EC4189ABFB9EF06260B0080ABE409DB261D631A91087E5
                Function 0161D758 Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2246156091.000000000161D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0161D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_161d000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 882a524d28070608bffe85ec3f1ca139151863855b481a912a45300bcc0c9b19
                • Instruction ID: a24de51dbe72bf78a2d61eac7bb2df10c8d2d774cc5a048b2a6bced334781309
                • Opcode Fuzzy Hash: 882a524d28070608bffe85ec3f1ca139151863855b481a912a45300bcc0c9b19
                • Instruction Fuzzy Hash: D9F06271405384AEEB218A1ADC88B62FFA8EF51624F18C55AED485A386C3799844CAB1
                Function 0760A725 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2367645582.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7600000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3a2042438e9841ee0927ad1e6f0a1f4bcb95c4302e3bc325fc0dfa403ef48842
                • Instruction ID: 10064a4d32aa5019dd5a567645952565b5fe9cc1c7c6ac9b662865c21033b58c
                • Opcode Fuzzy Hash: 3a2042438e9841ee0927ad1e6f0a1f4bcb95c4302e3bc325fc0dfa403ef48842
                • Instruction Fuzzy Hash: 49E04FB49143589FCB10DFA0C851BDFBBB2BF49300F0441E9C106A7650D7315A41CF42
                Function 0760C73E Relevance: .0, Instructions: 15COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000009.00000002.2367645582.0000000007600000.00000040.00000800.00020000.00000000.sdmp, Offset: 07600000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_9_2_7600000_VgPjxShbdbBH.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3e9d2939ca30cf30c6a6d3f9ff1d42169338e8f8a5faa86a8a128e5e7471b0e2
                • Instruction ID: 67bf5b4ebfbdcfbe53be40849cd4b261b04448af048b46d923421a7446e23f1b
                • Opcode Fuzzy Hash: 3e9d2939ca30cf30c6a6d3f9ff1d42169338e8f8a5faa86a8a128e5e7471b0e2
                • Instruction Fuzzy Hash: 40E08C704043489FC7459B60C0498AA3F38BF56211B281280E8665A193DB39C8438B90