Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
Analysis ID:1539814
MD5:88219c96c3a3b4953d1ef76002f82282
SHA1:e47ef493cc3ffeaa638f31ae6635b0f73420fb22
SHA256:0e451ce1db9f82077de2d8f16f2010e3273795cff50c64ca515e7f9f0401022d
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe (PID: 3200 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" MD5: 88219C96C3A3B4953D1EF76002F82282)
    • powershell.exe (PID: 876 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 2644 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2f213:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x173c2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe PID: 3200JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x2e413:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x165c2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2f213:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x173c2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, ParentProcessId: 3200, ParentProcessName: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe", ProcessId: 876, ProcessName: powershell.exe
          Sigma detected: Powershell Defender Exclusion
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, ParentProcessId: 3200, ParentProcessName: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe", ProcessId: 876, ProcessName: powershell.exe
          Sigma detected: Non Interactive PowerShell Process Spawned
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, ParentProcessId: 3200, ParentProcessName: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe", ProcessId: 876, ProcessName: powershell.exe

          Suricata Signatures

          No Suricata rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeReversingLabs: Detection: 28%
          Yara detected FormBook
          Source: Yara matchFile source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
          Machine Learning detection for sample
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeJoe Sandbox ML: detected
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: BazQ.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Source: Binary string: BazQ.pdbSHA256 source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000000.00000002.2167000791.000000000341A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: Amcache.hve.11.drString found in binary or memory: http://upx.sf.net

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_0042C4E3 NtClose,8_2_0042C4E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_01B22DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B24340 NtSetContextThread,8_2_01B24340
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B24650 NtSuspendThread,8_2_01B24650
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22BA0 NtEnumerateValueKey,8_2_01B22BA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22B80 NtQueryInformationFile,8_2_01B22B80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22BF0 NtAllocateVirtualMemory,8_2_01B22BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22BE0 NtQueryValueKey,8_2_01B22BE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22B60 NtClose,8_2_01B22B60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22AB0 NtWaitForSingleObject,8_2_01B22AB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22AF0 NtWriteFile,8_2_01B22AF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22AD0 NtReadFile,8_2_01B22AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22DB0 NtEnumerateKey,8_2_01B22DB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22DD0 NtDelayExecution,8_2_01B22DD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22D30 NtUnmapViewOfSection,8_2_01B22D30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22D10 NtMapViewOfSection,8_2_01B22D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22D00 NtSetInformationFile,8_2_01B22D00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22CA0 NtQueryInformationToken,8_2_01B22CA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22CF0 NtOpenProcess,8_2_01B22CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22CC0 NtQueryVirtualMemory,8_2_01B22CC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22C00 NtQueryInformationProcess,8_2_01B22C00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22C70 NtFreeVirtualMemory,8_2_01B22C70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22C60 NtCreateKey,8_2_01B22C60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22FB0 NtResumeThread,8_2_01B22FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22FA0 NtQuerySection,8_2_01B22FA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22F90 NtProtectVirtualMemory,8_2_01B22F90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22FE0 NtCreateFile,8_2_01B22FE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22F30 NtCreateSection,8_2_01B22F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22F60 NtCreateProcessEx,8_2_01B22F60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22EA0 NtAdjustPrivilegesToken,8_2_01B22EA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22E80 NtReadVirtualMemory,8_2_01B22E80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22EE0 NtQueueApcThread,8_2_01B22EE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22E30 NtWriteVirtualMemory,8_2_01B22E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B23090 NtSetValueKey,8_2_01B23090
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B23010 NtOpenDirectoryObject,8_2_01B23010
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B235C0 NtCreateMutant,8_2_01B235C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B239B0 NtGetContextThread,8_2_01B239B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B23D10 NtOpenProcessToken,8_2_01B23D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B23D70 NtOpenThread,8_2_01B23D70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_030FD57C0_2_030FD57C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CAA5980_2_05CAA598
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CA14DF0_2_05CA14DF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CA14F00_2_05CA14F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CA83E80_2_05CA83E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CA12510_2_05CA1251
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CA12600_2_05CA1260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CA7FB00_2_05CA7FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CA9BD80_2_05CA9BD8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CA9BE80_2_05CA9BE8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CA7B780_2_05CA7B78
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CA7B720_2_05CA7B72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_0040284A8_2_0040284A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_004028508_2_00402850
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_004100938_2_00410093
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_004031508_2_00403150
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_0040E1138_2_0040E113
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_0042EB038_2_0042EB03
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_0040FE6E8_2_0040FE6E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_0040FE738_2_0040FE73
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_004167338_2_00416733
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB01AA8_2_01BB01AA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA41A28_2_01BA41A2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA81CC8_2_01BA81CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8A1188_2_01B8A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE01008_2_01AE0100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B781588_2_01B78158
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B820008_2_01B82000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB03E68_2_01BB03E6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFE3F08_2_01AFE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAA3528_2_01BAA352
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B702C08_2_01B702C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B902748_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB05918_2_01BB0591
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF05358_2_01AF0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B9E4F68_2_01B9E4F6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B944208_2_01B94420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA24468_2_01BA2446
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEC7C08_2_01AEC7C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF07708_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B147508_2_01B14750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0C6E08_2_01B0C6E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A08_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BBA9A68_2_01BBA9A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B069628_2_01B06962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AD68B88_2_01AD68B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E8F08_2_01B1E8F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF28408_2_01AF2840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFA8408_2_01AFA840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA6BD78_2_01BA6BD7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAAB408_2_01BAAB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEEA808_2_01AEEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B08DBF8_2_01B08DBF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEADE08_2_01AEADE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8CD1F8_2_01B8CD1F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFAD008_2_01AFAD00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90CB58_2_01B90CB5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE0CF28_2_01AE0CF2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0C008_2_01AF0C00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6EFA08_2_01B6EFA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFCFE08_2_01AFCFE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE2FC88_2_01AE2FC8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B10F308_2_01B10F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B92F308_2_01B92F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B32F288_2_01B32F28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B64F408_2_01B64F40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B02E908_2_01B02E90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BACE938_2_01BACE93
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAEEDB8_2_01BAEEDB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAEE268_2_01BAEE26
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0E598_2_01AF0E59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFB1B08_2_01AFB1B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BBB16B8_2_01BBB16B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B2516C8_2_01B2516C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADF1728_2_01ADF172
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA70E98_2_01BA70E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAF0E08_2_01BAF0E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF70C08_2_01AF70C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B9F0CC8_2_01B9F0CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B3739A8_2_01B3739A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA132D8_2_01BA132D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADD34C8_2_01ADD34C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF52A08_2_01AF52A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B912ED8_2_01B912ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0B2C08_2_01B0B2C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8D5B08_2_01B8D5B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB95C38_2_01BB95C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA75718_2_01BA7571
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAF43F8_2_01BAF43F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE14608_2_01AE1460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAF7B08_2_01BAF7B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA16CC8_2_01BA16CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B356308_2_01B35630
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B859108_2_01B85910
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0B9508_2_01B0B950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF99508_2_01AF9950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF38E08_2_01AF38E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5D8008_2_01B5D800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0FB808_2_01B0FB80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B65BF08_2_01B65BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B2DBF98_2_01B2DBF9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAFB768_2_01BAFB76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B35AA08_2_01B35AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8DAAC8_2_01B8DAAC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B91AA38_2_01B91AA3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B9DAC68_2_01B9DAC6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B63A6C8_2_01B63A6C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAFA498_2_01BAFA49
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA7A468_2_01BA7A46
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0FDC08_2_01B0FDC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA7D738_2_01BA7D73
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA1D5A8_2_01BA1D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF3D408_2_01AF3D40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAFCF28_2_01BAFCF2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B69C328_2_01B69C32
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAFFB18_2_01BAFFB1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF1F928_2_01AF1F92
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AB3FD28_2_01AB3FD2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AB3FD58_2_01AB3FD5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAFF098_2_01BAFF09
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF9EB08_2_01AF9EB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: String function: 01ADB970 appears 280 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: String function: 01B37E54 appears 111 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: String function: 01B6F290 appears 105 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: String function: 01B5EA12 appears 86 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: String function: 01B25130 appears 58 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 200
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000000.00000002.2179622007.0000000007B70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000000.00000002.2164933520.00000000014FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000000.00000000.2138764690.0000000000E22000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBazQ.exeF vs SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000008.00000002.2205342045.0000000001BDD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeBinary or memory string: OriginalFilenameBazQ.exeF vs SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, P2J1vSZIuxAr5sYAON.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, P2J1vSZIuxAr5sYAON.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, P2J1vSZIuxAr5sYAON.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, bromSDmMgmk7NjA8Wh.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, bromSDmMgmk7NjA8Wh.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, bromSDmMgmk7NjA8Wh.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, P2J1vSZIuxAr5sYAON.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, P2J1vSZIuxAr5sYAON.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, P2J1vSZIuxAr5sYAON.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, P2J1vSZIuxAr5sYAON.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, P2J1vSZIuxAr5sYAON.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, P2J1vSZIuxAr5sYAON.csSecurity API names: _0020.AddAccessRule
          Source: classification engineClassification label: mal100.troj.evad.winEXE@14/11@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.logJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5064:120:WilError_03
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2156
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f53wo0an.uor.ps1Jump to behavior
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeReversingLabs: Detection: 28%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 200
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: iconcodecservice.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: BazQ.pdb source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Source: Binary string: BazQ.pdbSHA256 source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, P2J1vSZIuxAr5sYAON.cs.Net Code: eOxsMhAa2w System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, P2J1vSZIuxAr5sYAON.cs.Net Code: eOxsMhAa2w System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, P2J1vSZIuxAr5sYAON.cs.Net Code: eOxsMhAa2w System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.5a70000.2.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CAD212 push esp; ret 0_2_05CAD219
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 0_2_05CACE8E push cs; retf 0_2_05CACE8F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_0041F0D1 push ebp; iretd 8_2_0041F0DA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_004118F3 push esp; iretd 8_2_00411926
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_004118B0 push esp; iretd 8_2_00411926
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_00415A79 push eax; retf 8_2_00415A83
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_0041B2EA pushfd ; retf 8_2_0041B2ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_004033D0 push eax; ret 8_2_004033D2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_0040BCC7 push C1009F53h; ret 8_2_0040BCCE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_00406567 push edx; iretd 8_2_00406568
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_004165BD pushfd ; retf 8_2_004165C1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_0040863B push ebx; iretd 8_2_0040863C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_0041E74B push ds; iretd 8_2_0041E74C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AB225F pushad ; ret 8_2_01AB27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AB27FA pushad ; ret 8_2_01AB27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE09AD push ecx; mov dword ptr [esp], ecx8_2_01AE09B6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AB283D push eax; iretd 8_2_01AB2858
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AB1368 push eax; iretd 8_2_01AB1369
          Source: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeStatic PE information: section name: .text entropy: 7.725761342234378
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, Jibr8sVvmBM5igK2sn.csHigh entropy of concatenated method names: 'DRmQvCg6u8', 'RipQCTFJOc', 'QUZQm31eBJ', 'agYQVwTZSF', 'MaYQiEPxLE', 'efyQqZEVpV', 'KfnQbIUdNv', 'wJcQknWU1c', 'CNtQG0krdg', 'xf3QjWFMkd'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, BN78daOGGwb84epHLl.csHigh entropy of concatenated method names: 'VIpi2pNPTc', 'bSHihpoleu', 'CRsiOPeWxJ', 'dv5iFSZXWf', 'ilwiNqaP7W', 'E8Li8d7J8q', 'dHCi9MaT1E', 'FDNiyybUx3', 'bfXi7H12PL', 'Wxpiof1Jmp'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, jXNpgMcmSNGyrfQRfT.csHigh entropy of concatenated method names: 'QKeMqCuZv', 'KPSvlIYeY', 'OpsCDMTJt', 'eNx3BGmnN', 'dbxVyCpND', 'nVwTmaPiu', 'gb6UQKXeSo27JDYeKY', 'LFV3HjaP6VCU9KbIdU', 'aPskOyflI', 'ClXjFFdlX'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, vSh5VDQHd7EuIYgL72.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'qhkcu8ARZK', 'DXecPu2qZj', 'm7lczZAFUR', 'zoOJtmWfRb', 'eXOJw81xwV', 's4vJcDTwMj', 'HLuJJ5vVGP', 'd77whYHdeP3o1qIYb8y'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, Psg6cixEAN10YiZ8WR.csHigh entropy of concatenated method names: 'd8DbWhXAmB', 'zngbHCEP1c', 'ToString', 'lXgbXrKm1p', 'dLgbrydoOm', 'MMmbQ4PNto', 'RDCbgpU2hP', 'mHPb04PFYo', 'eYNbDcQcfu', 'SZdbZisUEQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, P8JmvjlvVYqKKZwfL3.csHigh entropy of concatenated method names: 'lvp0SISJtx', 'LLq0rvkY4D', 'XcM0gqOBCr', 'JbX0DFsNb0', 'Fby0ZyOVuS', 'YMsgIROy8a', 'rBpgaPMb1q', 'blagAfBWlG', 'qwHgdBqRol', 'rUsgu8oAf2'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, o3sjhQat5G5fJsTtJF.csHigh entropy of concatenated method names: 'FG7bd9oiWD', 'BfNbPEuBsA', 'QPhktnO9Cj', 'VoJkw7c0IH', 'bhbb16CrDE', 'T9GbhtCou6', 'h20bUuYl86', 'pLYbO1HdHJ', 'HgabFb9crk', 'Tn5bBgCxUV'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, sNAd1ewJ5pgvIPCkKMM.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BOajOYvjX4', 'c8DjFV4WhP', 'P4sjBYPTGt', 'eq3jxCmpoe', 'axIjIRjnUy', 'K5pjamXnbA', 'NqWjApMGD0'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, AXs1S5p2lJaAdpMlX9.csHigh entropy of concatenated method names: 'rKvDYX6gsc', 'HOBDn3AToL', 'luKDMlN578', 'cm6Dv4y13m', 'yqPD6yMdCG', 'XSXDCK9Ba7', 'luyD3Y1GNY', 'LE1DmN7xE2', 'EB6DVB626u', 'g6vDTBK7Kj'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, kRehDSUdr7R8Z36WOj.csHigh entropy of concatenated method names: 'jTJEmJm3sg', 'tH1EVYb9kL', 'eZSElhSQmp', 'pbeENWymQ9', 'AWmE9bSmKK', 'bgdEyxhWqq', 'FXFEoYtvtc', 'xvXEephaFe', 'bW2E2UoORg', 'A1tE1F5CCQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, bromSDmMgmk7NjA8Wh.csHigh entropy of concatenated method names: 'eoKrO60tWh', 'twnrFRE03a', 'UvyrBQwsYm', 'Hktrx9SfGm', 'DvXrIURveH', 'mwqraGmttO', 'PiKrAVwQqP', 'wOCrd4jrd0', 'jQpruoPQe6', 'l3UrPDM8eI'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, CnmMe2TQp9PLCNDy2Q.csHigh entropy of concatenated method names: 'c6fg6ZbihG', 'j81g3u4xxg', 'wyYQ8CtSIk', 'pjaQ9eGRMu', 'J4KQyoEEPC', 'e3YQ7ojm1g', 'cnQQo66mJ4', 'PduQeWwaji', 'e0uQplYnXb', 'm5OQ2gxrkA'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, xCeuh7PDBGX7g80MJL.csHigh entropy of concatenated method names: 'lttGwGsbQy', 'UZyGJX4XLx', 'gffGsjwHuW', 'CRFGXGIfJb', 'IgGGr4jPGL', 'UcZGg372L1', 'FSdG0M6iCI', 'YITkAASwc6', 'ypSkdFfxNy', 'mTtkumMOUr'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, wnZUCPd5hq2eCVbC9X.csHigh entropy of concatenated method names: 'fGZkXlvn3F', 'KRIkrrLDZI', 'stfkQW7Fyp', 'XZvkg08MaZ', 'GrBk0K6mr5', 'iU1kDlfQdw', 'uh1kZht6Fi', 'XELkKvJJnX', 'RvEkWEhYcH', 'rlPkHofGT5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, bu4lvbz2toDMF6YCEb.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'kQAGEsZq5D', 'FLvGiq87VU', 'l6KGq8b3nV', 'KtKGbASUce', 'b2mGkBfbtX', 'xXYGGcFP1q', 'TpJGjaJ7Yx'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, xm2huPwtjajO1yCxlcB.csHigh entropy of concatenated method names: 'nYsGYZ1iSr', 'UolGnZHhDp', 'TbjGMvHYEt', 'uwaGvX2G4s', 'Ic9G6G4VD8', 'rp6GCEl7Ce', 'jjaG3m0VHu', 'WedGmQQEYg', 'ijlGVX1rVr', 'DQbGTc3sUr'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, poUqntoNQ9bV9OFe16.csHigh entropy of concatenated method names: 'wgkDXypMQ8', 'IEoDQwRFOS', 'dRhD0c8VuP', 'wKg0PfB1f7', 'eI80zQ3hbE', 'AYfDtCO2jL', 'u3GDwKRLqf', 'ionDc3WJRm', 'Kk1DJy7dS9', 'oRqDs1lh3F'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, P2J1vSZIuxAr5sYAON.csHigh entropy of concatenated method names: 'DaOJSYZF3s', 'CRsJX77ox6', 'O20JrdsTVn', 'GqRJQ0pQEL', 'bKFJgv4Apc', 'QGdJ0kiKxy', 'FthJD5B8fA', 'WhCJZyHk7D', 'BH3JKMeKx1', 'BsaJWkCk2o'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, qHYeOWsYPPnd4RYjGu.csHigh entropy of concatenated method names: 'E6cwDromSD', 'zgmwZk7NjA', 'dvmwWBM5ig', 'l2swHnCnmM', 'GDywi2Qh8J', 'DvjwqvVYqK', 'gYEQRasZuXtyBniQFF', 'IZB6kYJtaO42uPILWj', 'KjhwwLdHks', 'eP7wJhyxMe'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, j8hj9arRDNoh4P6tNU.csHigh entropy of concatenated method names: 'Dispose', 'Ylcwu5kxpe', 'yIacNpHQok', 'Wqassk2KGc', 'dRnwPZUCP5', 'Pq2wzeCVbC', 'ProcessDialogKey', 'IXcctqkmNq', 'KtycwNem6d', 'EQLccYCeuh'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, XkcIsLNj1Z3WMhtLtd.csHigh entropy of concatenated method names: 'AxJCK221EYEqsTlWcI7', 'Xmp72T26EF1f5iUWG3H', 'btP0kNdmow', 'oXn0GDh8wT', 'CSi0jsRpF6', 'j0JCal2uNZoMiSiOZm0', 'BNyKPG2hbGkLYJeI3gQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.7b70000.3.raw.unpack, cqkmNqu7tyNem6dVQL.csHigh entropy of concatenated method names: 'o7vkl91N50', 'GwLkNW9Px5', 'VH8k8PW3EL', 'sVJk9up6at', 'EtLkOlvO5X', 'h0BkyJAA8P', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, Jibr8sVvmBM5igK2sn.csHigh entropy of concatenated method names: 'DRmQvCg6u8', 'RipQCTFJOc', 'QUZQm31eBJ', 'agYQVwTZSF', 'MaYQiEPxLE', 'efyQqZEVpV', 'KfnQbIUdNv', 'wJcQknWU1c', 'CNtQG0krdg', 'xf3QjWFMkd'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, BN78daOGGwb84epHLl.csHigh entropy of concatenated method names: 'VIpi2pNPTc', 'bSHihpoleu', 'CRsiOPeWxJ', 'dv5iFSZXWf', 'ilwiNqaP7W', 'E8Li8d7J8q', 'dHCi9MaT1E', 'FDNiyybUx3', 'bfXi7H12PL', 'Wxpiof1Jmp'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, jXNpgMcmSNGyrfQRfT.csHigh entropy of concatenated method names: 'QKeMqCuZv', 'KPSvlIYeY', 'OpsCDMTJt', 'eNx3BGmnN', 'dbxVyCpND', 'nVwTmaPiu', 'gb6UQKXeSo27JDYeKY', 'LFV3HjaP6VCU9KbIdU', 'aPskOyflI', 'ClXjFFdlX'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, vSh5VDQHd7EuIYgL72.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'qhkcu8ARZK', 'DXecPu2qZj', 'm7lczZAFUR', 'zoOJtmWfRb', 'eXOJw81xwV', 's4vJcDTwMj', 'HLuJJ5vVGP', 'd77whYHdeP3o1qIYb8y'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, Psg6cixEAN10YiZ8WR.csHigh entropy of concatenated method names: 'd8DbWhXAmB', 'zngbHCEP1c', 'ToString', 'lXgbXrKm1p', 'dLgbrydoOm', 'MMmbQ4PNto', 'RDCbgpU2hP', 'mHPb04PFYo', 'eYNbDcQcfu', 'SZdbZisUEQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, P8JmvjlvVYqKKZwfL3.csHigh entropy of concatenated method names: 'lvp0SISJtx', 'LLq0rvkY4D', 'XcM0gqOBCr', 'JbX0DFsNb0', 'Fby0ZyOVuS', 'YMsgIROy8a', 'rBpgaPMb1q', 'blagAfBWlG', 'qwHgdBqRol', 'rUsgu8oAf2'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, o3sjhQat5G5fJsTtJF.csHigh entropy of concatenated method names: 'FG7bd9oiWD', 'BfNbPEuBsA', 'QPhktnO9Cj', 'VoJkw7c0IH', 'bhbb16CrDE', 'T9GbhtCou6', 'h20bUuYl86', 'pLYbO1HdHJ', 'HgabFb9crk', 'Tn5bBgCxUV'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, sNAd1ewJ5pgvIPCkKMM.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BOajOYvjX4', 'c8DjFV4WhP', 'P4sjBYPTGt', 'eq3jxCmpoe', 'axIjIRjnUy', 'K5pjamXnbA', 'NqWjApMGD0'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, AXs1S5p2lJaAdpMlX9.csHigh entropy of concatenated method names: 'rKvDYX6gsc', 'HOBDn3AToL', 'luKDMlN578', 'cm6Dv4y13m', 'yqPD6yMdCG', 'XSXDCK9Ba7', 'luyD3Y1GNY', 'LE1DmN7xE2', 'EB6DVB626u', 'g6vDTBK7Kj'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, kRehDSUdr7R8Z36WOj.csHigh entropy of concatenated method names: 'jTJEmJm3sg', 'tH1EVYb9kL', 'eZSElhSQmp', 'pbeENWymQ9', 'AWmE9bSmKK', 'bgdEyxhWqq', 'FXFEoYtvtc', 'xvXEephaFe', 'bW2E2UoORg', 'A1tE1F5CCQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, bromSDmMgmk7NjA8Wh.csHigh entropy of concatenated method names: 'eoKrO60tWh', 'twnrFRE03a', 'UvyrBQwsYm', 'Hktrx9SfGm', 'DvXrIURveH', 'mwqraGmttO', 'PiKrAVwQqP', 'wOCrd4jrd0', 'jQpruoPQe6', 'l3UrPDM8eI'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, CnmMe2TQp9PLCNDy2Q.csHigh entropy of concatenated method names: 'c6fg6ZbihG', 'j81g3u4xxg', 'wyYQ8CtSIk', 'pjaQ9eGRMu', 'J4KQyoEEPC', 'e3YQ7ojm1g', 'cnQQo66mJ4', 'PduQeWwaji', 'e0uQplYnXb', 'm5OQ2gxrkA'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, xCeuh7PDBGX7g80MJL.csHigh entropy of concatenated method names: 'lttGwGsbQy', 'UZyGJX4XLx', 'gffGsjwHuW', 'CRFGXGIfJb', 'IgGGr4jPGL', 'UcZGg372L1', 'FSdG0M6iCI', 'YITkAASwc6', 'ypSkdFfxNy', 'mTtkumMOUr'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, wnZUCPd5hq2eCVbC9X.csHigh entropy of concatenated method names: 'fGZkXlvn3F', 'KRIkrrLDZI', 'stfkQW7Fyp', 'XZvkg08MaZ', 'GrBk0K6mr5', 'iU1kDlfQdw', 'uh1kZht6Fi', 'XELkKvJJnX', 'RvEkWEhYcH', 'rlPkHofGT5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, bu4lvbz2toDMF6YCEb.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'kQAGEsZq5D', 'FLvGiq87VU', 'l6KGq8b3nV', 'KtKGbASUce', 'b2mGkBfbtX', 'xXYGGcFP1q', 'TpJGjaJ7Yx'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, xm2huPwtjajO1yCxlcB.csHigh entropy of concatenated method names: 'nYsGYZ1iSr', 'UolGnZHhDp', 'TbjGMvHYEt', 'uwaGvX2G4s', 'Ic9G6G4VD8', 'rp6GCEl7Ce', 'jjaG3m0VHu', 'WedGmQQEYg', 'ijlGVX1rVr', 'DQbGTc3sUr'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, poUqntoNQ9bV9OFe16.csHigh entropy of concatenated method names: 'wgkDXypMQ8', 'IEoDQwRFOS', 'dRhD0c8VuP', 'wKg0PfB1f7', 'eI80zQ3hbE', 'AYfDtCO2jL', 'u3GDwKRLqf', 'ionDc3WJRm', 'Kk1DJy7dS9', 'oRqDs1lh3F'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, P2J1vSZIuxAr5sYAON.csHigh entropy of concatenated method names: 'DaOJSYZF3s', 'CRsJX77ox6', 'O20JrdsTVn', 'GqRJQ0pQEL', 'bKFJgv4Apc', 'QGdJ0kiKxy', 'FthJD5B8fA', 'WhCJZyHk7D', 'BH3JKMeKx1', 'BsaJWkCk2o'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, qHYeOWsYPPnd4RYjGu.csHigh entropy of concatenated method names: 'E6cwDromSD', 'zgmwZk7NjA', 'dvmwWBM5ig', 'l2swHnCnmM', 'GDywi2Qh8J', 'DvjwqvVYqK', 'gYEQRasZuXtyBniQFF', 'IZB6kYJtaO42uPILWj', 'KjhwwLdHks', 'eP7wJhyxMe'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, j8hj9arRDNoh4P6tNU.csHigh entropy of concatenated method names: 'Dispose', 'Ylcwu5kxpe', 'yIacNpHQok', 'Wqassk2KGc', 'dRnwPZUCP5', 'Pq2wzeCVbC', 'ProcessDialogKey', 'IXcctqkmNq', 'KtycwNem6d', 'EQLccYCeuh'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, XkcIsLNj1Z3WMhtLtd.csHigh entropy of concatenated method names: 'AxJCK221EYEqsTlWcI7', 'Xmp72T26EF1f5iUWG3H', 'btP0kNdmow', 'oXn0GDh8wT', 'CSi0jsRpF6', 'j0JCal2uNZoMiSiOZm0', 'BNyKPG2hbGkLYJeI3gQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4cee598.1.raw.unpack, cqkmNqu7tyNem6dVQL.csHigh entropy of concatenated method names: 'o7vkl91N50', 'GwLkNW9Px5', 'VH8k8PW3EL', 'sVJk9up6at', 'EtLkOlvO5X', 'h0BkyJAA8P', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, Jibr8sVvmBM5igK2sn.csHigh entropy of concatenated method names: 'DRmQvCg6u8', 'RipQCTFJOc', 'QUZQm31eBJ', 'agYQVwTZSF', 'MaYQiEPxLE', 'efyQqZEVpV', 'KfnQbIUdNv', 'wJcQknWU1c', 'CNtQG0krdg', 'xf3QjWFMkd'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, BN78daOGGwb84epHLl.csHigh entropy of concatenated method names: 'VIpi2pNPTc', 'bSHihpoleu', 'CRsiOPeWxJ', 'dv5iFSZXWf', 'ilwiNqaP7W', 'E8Li8d7J8q', 'dHCi9MaT1E', 'FDNiyybUx3', 'bfXi7H12PL', 'Wxpiof1Jmp'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, jXNpgMcmSNGyrfQRfT.csHigh entropy of concatenated method names: 'QKeMqCuZv', 'KPSvlIYeY', 'OpsCDMTJt', 'eNx3BGmnN', 'dbxVyCpND', 'nVwTmaPiu', 'gb6UQKXeSo27JDYeKY', 'LFV3HjaP6VCU9KbIdU', 'aPskOyflI', 'ClXjFFdlX'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, vSh5VDQHd7EuIYgL72.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'qhkcu8ARZK', 'DXecPu2qZj', 'm7lczZAFUR', 'zoOJtmWfRb', 'eXOJw81xwV', 's4vJcDTwMj', 'HLuJJ5vVGP', 'd77whYHdeP3o1qIYb8y'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, Psg6cixEAN10YiZ8WR.csHigh entropy of concatenated method names: 'd8DbWhXAmB', 'zngbHCEP1c', 'ToString', 'lXgbXrKm1p', 'dLgbrydoOm', 'MMmbQ4PNto', 'RDCbgpU2hP', 'mHPb04PFYo', 'eYNbDcQcfu', 'SZdbZisUEQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, P8JmvjlvVYqKKZwfL3.csHigh entropy of concatenated method names: 'lvp0SISJtx', 'LLq0rvkY4D', 'XcM0gqOBCr', 'JbX0DFsNb0', 'Fby0ZyOVuS', 'YMsgIROy8a', 'rBpgaPMb1q', 'blagAfBWlG', 'qwHgdBqRol', 'rUsgu8oAf2'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, o3sjhQat5G5fJsTtJF.csHigh entropy of concatenated method names: 'FG7bd9oiWD', 'BfNbPEuBsA', 'QPhktnO9Cj', 'VoJkw7c0IH', 'bhbb16CrDE', 'T9GbhtCou6', 'h20bUuYl86', 'pLYbO1HdHJ', 'HgabFb9crk', 'Tn5bBgCxUV'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, sNAd1ewJ5pgvIPCkKMM.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'BOajOYvjX4', 'c8DjFV4WhP', 'P4sjBYPTGt', 'eq3jxCmpoe', 'axIjIRjnUy', 'K5pjamXnbA', 'NqWjApMGD0'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, AXs1S5p2lJaAdpMlX9.csHigh entropy of concatenated method names: 'rKvDYX6gsc', 'HOBDn3AToL', 'luKDMlN578', 'cm6Dv4y13m', 'yqPD6yMdCG', 'XSXDCK9Ba7', 'luyD3Y1GNY', 'LE1DmN7xE2', 'EB6DVB626u', 'g6vDTBK7Kj'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, kRehDSUdr7R8Z36WOj.csHigh entropy of concatenated method names: 'jTJEmJm3sg', 'tH1EVYb9kL', 'eZSElhSQmp', 'pbeENWymQ9', 'AWmE9bSmKK', 'bgdEyxhWqq', 'FXFEoYtvtc', 'xvXEephaFe', 'bW2E2UoORg', 'A1tE1F5CCQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, bromSDmMgmk7NjA8Wh.csHigh entropy of concatenated method names: 'eoKrO60tWh', 'twnrFRE03a', 'UvyrBQwsYm', 'Hktrx9SfGm', 'DvXrIURveH', 'mwqraGmttO', 'PiKrAVwQqP', 'wOCrd4jrd0', 'jQpruoPQe6', 'l3UrPDM8eI'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, CnmMe2TQp9PLCNDy2Q.csHigh entropy of concatenated method names: 'c6fg6ZbihG', 'j81g3u4xxg', 'wyYQ8CtSIk', 'pjaQ9eGRMu', 'J4KQyoEEPC', 'e3YQ7ojm1g', 'cnQQo66mJ4', 'PduQeWwaji', 'e0uQplYnXb', 'm5OQ2gxrkA'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, xCeuh7PDBGX7g80MJL.csHigh entropy of concatenated method names: 'lttGwGsbQy', 'UZyGJX4XLx', 'gffGsjwHuW', 'CRFGXGIfJb', 'IgGGr4jPGL', 'UcZGg372L1', 'FSdG0M6iCI', 'YITkAASwc6', 'ypSkdFfxNy', 'mTtkumMOUr'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, wnZUCPd5hq2eCVbC9X.csHigh entropy of concatenated method names: 'fGZkXlvn3F', 'KRIkrrLDZI', 'stfkQW7Fyp', 'XZvkg08MaZ', 'GrBk0K6mr5', 'iU1kDlfQdw', 'uh1kZht6Fi', 'XELkKvJJnX', 'RvEkWEhYcH', 'rlPkHofGT5'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, bu4lvbz2toDMF6YCEb.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'kQAGEsZq5D', 'FLvGiq87VU', 'l6KGq8b3nV', 'KtKGbASUce', 'b2mGkBfbtX', 'xXYGGcFP1q', 'TpJGjaJ7Yx'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, xm2huPwtjajO1yCxlcB.csHigh entropy of concatenated method names: 'nYsGYZ1iSr', 'UolGnZHhDp', 'TbjGMvHYEt', 'uwaGvX2G4s', 'Ic9G6G4VD8', 'rp6GCEl7Ce', 'jjaG3m0VHu', 'WedGmQQEYg', 'ijlGVX1rVr', 'DQbGTc3sUr'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, poUqntoNQ9bV9OFe16.csHigh entropy of concatenated method names: 'wgkDXypMQ8', 'IEoDQwRFOS', 'dRhD0c8VuP', 'wKg0PfB1f7', 'eI80zQ3hbE', 'AYfDtCO2jL', 'u3GDwKRLqf', 'ionDc3WJRm', 'Kk1DJy7dS9', 'oRqDs1lh3F'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, P2J1vSZIuxAr5sYAON.csHigh entropy of concatenated method names: 'DaOJSYZF3s', 'CRsJX77ox6', 'O20JrdsTVn', 'GqRJQ0pQEL', 'bKFJgv4Apc', 'QGdJ0kiKxy', 'FthJD5B8fA', 'WhCJZyHk7D', 'BH3JKMeKx1', 'BsaJWkCk2o'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, qHYeOWsYPPnd4RYjGu.csHigh entropy of concatenated method names: 'E6cwDromSD', 'zgmwZk7NjA', 'dvmwWBM5ig', 'l2swHnCnmM', 'GDywi2Qh8J', 'DvjwqvVYqK', 'gYEQRasZuXtyBniQFF', 'IZB6kYJtaO42uPILWj', 'KjhwwLdHks', 'eP7wJhyxMe'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, j8hj9arRDNoh4P6tNU.csHigh entropy of concatenated method names: 'Dispose', 'Ylcwu5kxpe', 'yIacNpHQok', 'Wqassk2KGc', 'dRnwPZUCP5', 'Pq2wzeCVbC', 'ProcessDialogKey', 'IXcctqkmNq', 'KtycwNem6d', 'EQLccYCeuh'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, XkcIsLNj1Z3WMhtLtd.csHigh entropy of concatenated method names: 'AxJCK221EYEqsTlWcI7', 'Xmp72T26EF1f5iUWG3H', 'btP0kNdmow', 'oXn0GDh8wT', 'CSi0jsRpF6', 'j0JCal2uNZoMiSiOZm0', 'BNyKPG2hbGkLYJeI3gQ'
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.4c66778.0.raw.unpack, cqkmNqu7tyNem6dVQL.csHigh entropy of concatenated method names: 'o7vkl91N50', 'GwLkNW9Px5', 'VH8k8PW3EL', 'sVJk9up6at', 'EtLkOlvO5X', 'h0BkyJAA8P', 'Next', 'Next', 'Next', 'NextBytes'

          Hooking and other Techniques for Hiding and Protection

          barindex
          Loading BitLocker PowerShell Module
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe PID: 3200, type: MEMORYSTR
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeMemory allocated: 30F0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeMemory allocated: 31A0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeMemory allocated: 51A0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeMemory allocated: 8210000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeMemory allocated: 9210000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeMemory allocated: 93D0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeMemory allocated: A3D0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeMemory allocated: A980000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeMemory allocated: B980000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeMemory allocated: C980000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B2096E rdtsc 8_2_01B2096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6427Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3170Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeAPI coverage: 0.3 %
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe TID: 1816Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4892Thread sleep time: -9223372036854770s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: Amcache.hve.11.drBinary or memory string: VMware
          Source: Amcache.hve.11.drBinary or memory string: VMware Virtual USB Mouse
          Source: Amcache.hve.11.drBinary or memory string: vmci.syshbin
          Source: Amcache.hve.11.drBinary or memory string: VMware, Inc.
          Source: Amcache.hve.11.drBinary or memory string: VMware20,1hbin@
          Source: Amcache.hve.11.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: Amcache.hve.11.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.11.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.11.drBinary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
          Source: Amcache.hve.11.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.11.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: Amcache.hve.11.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.11.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.11.drBinary or memory string: vmci.sys
          Source: Amcache.hve.11.drBinary or memory string: vmci.syshbin`
          Source: Amcache.hve.11.drBinary or memory string: \driver\vmci,\driver\pci
          Source: Amcache.hve.11.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.11.drBinary or memory string: VMware20,1
          Source: Amcache.hve.11.drBinary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.11.drBinary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.11.drBinary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Amcache.hve.11.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: Amcache.hve.11.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.11.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.11.drBinary or memory string: VMware PCI VMCI Bus Device
          Source: Amcache.hve.11.drBinary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.11.drBinary or memory string: VMware Virtual RAM
          Source: Amcache.hve.11.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: Amcache.hve.11.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B2096E rdtsc 8_2_01B2096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_01B22DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6019F mov eax, dword ptr fs:[00000030h]8_2_01B6019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6019F mov eax, dword ptr fs:[00000030h]8_2_01B6019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6019F mov eax, dword ptr fs:[00000030h]8_2_01B6019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6019F mov eax, dword ptr fs:[00000030h]8_2_01B6019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B9C188 mov eax, dword ptr fs:[00000030h]8_2_01B9C188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B9C188 mov eax, dword ptr fs:[00000030h]8_2_01B9C188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B20185 mov eax, dword ptr fs:[00000030h]8_2_01B20185
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B84180 mov eax, dword ptr fs:[00000030h]8_2_01B84180
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B84180 mov eax, dword ptr fs:[00000030h]8_2_01B84180
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADA197 mov eax, dword ptr fs:[00000030h]8_2_01ADA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADA197 mov eax, dword ptr fs:[00000030h]8_2_01ADA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADA197 mov eax, dword ptr fs:[00000030h]8_2_01ADA197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B101F8 mov eax, dword ptr fs:[00000030h]8_2_01B101F8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB61E5 mov eax, dword ptr fs:[00000030h]8_2_01BB61E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5E1D0 mov eax, dword ptr fs:[00000030h]8_2_01B5E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5E1D0 mov eax, dword ptr fs:[00000030h]8_2_01B5E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5E1D0 mov ecx, dword ptr fs:[00000030h]8_2_01B5E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5E1D0 mov eax, dword ptr fs:[00000030h]8_2_01B5E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5E1D0 mov eax, dword ptr fs:[00000030h]8_2_01B5E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA61C3 mov eax, dword ptr fs:[00000030h]8_2_01BA61C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA61C3 mov eax, dword ptr fs:[00000030h]8_2_01BA61C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B10124 mov eax, dword ptr fs:[00000030h]8_2_01B10124
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8A118 mov ecx, dword ptr fs:[00000030h]8_2_01B8A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8A118 mov eax, dword ptr fs:[00000030h]8_2_01B8A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8A118 mov eax, dword ptr fs:[00000030h]8_2_01B8A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8A118 mov eax, dword ptr fs:[00000030h]8_2_01B8A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA0115 mov eax, dword ptr fs:[00000030h]8_2_01BA0115
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E10E mov eax, dword ptr fs:[00000030h]8_2_01B8E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E10E mov ecx, dword ptr fs:[00000030h]8_2_01B8E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E10E mov eax, dword ptr fs:[00000030h]8_2_01B8E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E10E mov eax, dword ptr fs:[00000030h]8_2_01B8E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E10E mov ecx, dword ptr fs:[00000030h]8_2_01B8E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E10E mov eax, dword ptr fs:[00000030h]8_2_01B8E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E10E mov eax, dword ptr fs:[00000030h]8_2_01B8E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E10E mov ecx, dword ptr fs:[00000030h]8_2_01B8E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E10E mov eax, dword ptr fs:[00000030h]8_2_01B8E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E10E mov ecx, dword ptr fs:[00000030h]8_2_01B8E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB4164 mov eax, dword ptr fs:[00000030h]8_2_01BB4164
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB4164 mov eax, dword ptr fs:[00000030h]8_2_01BB4164
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B78158 mov eax, dword ptr fs:[00000030h]8_2_01B78158
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B74144 mov eax, dword ptr fs:[00000030h]8_2_01B74144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B74144 mov eax, dword ptr fs:[00000030h]8_2_01B74144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B74144 mov ecx, dword ptr fs:[00000030h]8_2_01B74144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B74144 mov eax, dword ptr fs:[00000030h]8_2_01B74144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B74144 mov eax, dword ptr fs:[00000030h]8_2_01B74144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE6154 mov eax, dword ptr fs:[00000030h]8_2_01AE6154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE6154 mov eax, dword ptr fs:[00000030h]8_2_01AE6154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADC156 mov eax, dword ptr fs:[00000030h]8_2_01ADC156
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA60B8 mov eax, dword ptr fs:[00000030h]8_2_01BA60B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA60B8 mov ecx, dword ptr fs:[00000030h]8_2_01BA60B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AD80A0 mov eax, dword ptr fs:[00000030h]8_2_01AD80A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B780A8 mov eax, dword ptr fs:[00000030h]8_2_01B780A8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE208A mov eax, dword ptr fs:[00000030h]8_2_01AE208A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B220F0 mov ecx, dword ptr fs:[00000030h]8_2_01B220F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE80E9 mov eax, dword ptr fs:[00000030h]8_2_01AE80E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADA0E3 mov ecx, dword ptr fs:[00000030h]8_2_01ADA0E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B660E0 mov eax, dword ptr fs:[00000030h]8_2_01B660E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADC0F0 mov eax, dword ptr fs:[00000030h]8_2_01ADC0F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B620DE mov eax, dword ptr fs:[00000030h]8_2_01B620DE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B76030 mov eax, dword ptr fs:[00000030h]8_2_01B76030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADA020 mov eax, dword ptr fs:[00000030h]8_2_01ADA020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADC020 mov eax, dword ptr fs:[00000030h]8_2_01ADC020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B64000 mov ecx, dword ptr fs:[00000030h]8_2_01B64000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h]8_2_01B82000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h]8_2_01B82000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h]8_2_01B82000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h]8_2_01B82000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h]8_2_01B82000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h]8_2_01B82000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h]8_2_01B82000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B82000 mov eax, dword ptr fs:[00000030h]8_2_01B82000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFE016 mov eax, dword ptr fs:[00000030h]8_2_01AFE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFE016 mov eax, dword ptr fs:[00000030h]8_2_01AFE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFE016 mov eax, dword ptr fs:[00000030h]8_2_01AFE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFE016 mov eax, dword ptr fs:[00000030h]8_2_01AFE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0C073 mov eax, dword ptr fs:[00000030h]8_2_01B0C073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B66050 mov eax, dword ptr fs:[00000030h]8_2_01B66050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE2050 mov eax, dword ptr fs:[00000030h]8_2_01AE2050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADE388 mov eax, dword ptr fs:[00000030h]8_2_01ADE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADE388 mov eax, dword ptr fs:[00000030h]8_2_01ADE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADE388 mov eax, dword ptr fs:[00000030h]8_2_01ADE388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AD8397 mov eax, dword ptr fs:[00000030h]8_2_01AD8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AD8397 mov eax, dword ptr fs:[00000030h]8_2_01AD8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AD8397 mov eax, dword ptr fs:[00000030h]8_2_01AD8397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0438F mov eax, dword ptr fs:[00000030h]8_2_01B0438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0438F mov eax, dword ptr fs:[00000030h]8_2_01B0438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h]8_2_01AF03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h]8_2_01AF03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h]8_2_01AF03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h]8_2_01AF03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h]8_2_01AF03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h]8_2_01AF03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h]8_2_01AF03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF03E9 mov eax, dword ptr fs:[00000030h]8_2_01AF03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B163FF mov eax, dword ptr fs:[00000030h]8_2_01B163FF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFE3F0 mov eax, dword ptr fs:[00000030h]8_2_01AFE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFE3F0 mov eax, dword ptr fs:[00000030h]8_2_01AFE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFE3F0 mov eax, dword ptr fs:[00000030h]8_2_01AFE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E3DB mov eax, dword ptr fs:[00000030h]8_2_01B8E3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E3DB mov eax, dword ptr fs:[00000030h]8_2_01B8E3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E3DB mov ecx, dword ptr fs:[00000030h]8_2_01B8E3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8E3DB mov eax, dword ptr fs:[00000030h]8_2_01B8E3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B843D4 mov eax, dword ptr fs:[00000030h]8_2_01B843D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B843D4 mov eax, dword ptr fs:[00000030h]8_2_01B843D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA3C0 mov eax, dword ptr fs:[00000030h]8_2_01AEA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA3C0 mov eax, dword ptr fs:[00000030h]8_2_01AEA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA3C0 mov eax, dword ptr fs:[00000030h]8_2_01AEA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA3C0 mov eax, dword ptr fs:[00000030h]8_2_01AEA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA3C0 mov eax, dword ptr fs:[00000030h]8_2_01AEA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA3C0 mov eax, dword ptr fs:[00000030h]8_2_01AEA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE83C0 mov eax, dword ptr fs:[00000030h]8_2_01AE83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE83C0 mov eax, dword ptr fs:[00000030h]8_2_01AE83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE83C0 mov eax, dword ptr fs:[00000030h]8_2_01AE83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE83C0 mov eax, dword ptr fs:[00000030h]8_2_01AE83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B9C3CD mov eax, dword ptr fs:[00000030h]8_2_01B9C3CD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B663C0 mov eax, dword ptr fs:[00000030h]8_2_01B663C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB8324 mov eax, dword ptr fs:[00000030h]8_2_01BB8324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB8324 mov ecx, dword ptr fs:[00000030h]8_2_01BB8324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB8324 mov eax, dword ptr fs:[00000030h]8_2_01BB8324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB8324 mov eax, dword ptr fs:[00000030h]8_2_01BB8324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B00310 mov ecx, dword ptr fs:[00000030h]8_2_01B00310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1A30B mov eax, dword ptr fs:[00000030h]8_2_01B1A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1A30B mov eax, dword ptr fs:[00000030h]8_2_01B1A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1A30B mov eax, dword ptr fs:[00000030h]8_2_01B1A30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADC310 mov ecx, dword ptr fs:[00000030h]8_2_01ADC310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8437C mov eax, dword ptr fs:[00000030h]8_2_01B8437C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAA352 mov eax, dword ptr fs:[00000030h]8_2_01BAA352
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B88350 mov ecx, dword ptr fs:[00000030h]8_2_01B88350
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6035C mov eax, dword ptr fs:[00000030h]8_2_01B6035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6035C mov eax, dword ptr fs:[00000030h]8_2_01B6035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6035C mov eax, dword ptr fs:[00000030h]8_2_01B6035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6035C mov ecx, dword ptr fs:[00000030h]8_2_01B6035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6035C mov eax, dword ptr fs:[00000030h]8_2_01B6035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6035C mov eax, dword ptr fs:[00000030h]8_2_01B6035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB634F mov eax, dword ptr fs:[00000030h]8_2_01BB634F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B62349 mov eax, dword ptr fs:[00000030h]8_2_01B62349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF02A0 mov eax, dword ptr fs:[00000030h]8_2_01AF02A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF02A0 mov eax, dword ptr fs:[00000030h]8_2_01AF02A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B762A0 mov eax, dword ptr fs:[00000030h]8_2_01B762A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B762A0 mov ecx, dword ptr fs:[00000030h]8_2_01B762A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B762A0 mov eax, dword ptr fs:[00000030h]8_2_01B762A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B762A0 mov eax, dword ptr fs:[00000030h]8_2_01B762A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B762A0 mov eax, dword ptr fs:[00000030h]8_2_01B762A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B762A0 mov eax, dword ptr fs:[00000030h]8_2_01B762A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B60283 mov eax, dword ptr fs:[00000030h]8_2_01B60283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B60283 mov eax, dword ptr fs:[00000030h]8_2_01B60283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B60283 mov eax, dword ptr fs:[00000030h]8_2_01B60283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E284 mov eax, dword ptr fs:[00000030h]8_2_01B1E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E284 mov eax, dword ptr fs:[00000030h]8_2_01B1E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF02E1 mov eax, dword ptr fs:[00000030h]8_2_01AF02E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF02E1 mov eax, dword ptr fs:[00000030h]8_2_01AF02E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF02E1 mov eax, dword ptr fs:[00000030h]8_2_01AF02E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA2C3 mov eax, dword ptr fs:[00000030h]8_2_01AEA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA2C3 mov eax, dword ptr fs:[00000030h]8_2_01AEA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA2C3 mov eax, dword ptr fs:[00000030h]8_2_01AEA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA2C3 mov eax, dword ptr fs:[00000030h]8_2_01AEA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA2C3 mov eax, dword ptr fs:[00000030h]8_2_01AEA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB62D6 mov eax, dword ptr fs:[00000030h]8_2_01BB62D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AD823B mov eax, dword ptr fs:[00000030h]8_2_01AD823B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AD826B mov eax, dword ptr fs:[00000030h]8_2_01AD826B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h]8_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h]8_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h]8_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h]8_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h]8_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h]8_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h]8_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h]8_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h]8_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h]8_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h]8_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B90274 mov eax, dword ptr fs:[00000030h]8_2_01B90274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE4260 mov eax, dword ptr fs:[00000030h]8_2_01AE4260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE4260 mov eax, dword ptr fs:[00000030h]8_2_01AE4260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE4260 mov eax, dword ptr fs:[00000030h]8_2_01AE4260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB625D mov eax, dword ptr fs:[00000030h]8_2_01BB625D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B9A250 mov eax, dword ptr fs:[00000030h]8_2_01B9A250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B9A250 mov eax, dword ptr fs:[00000030h]8_2_01B9A250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B68243 mov eax, dword ptr fs:[00000030h]8_2_01B68243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B68243 mov ecx, dword ptr fs:[00000030h]8_2_01B68243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE6259 mov eax, dword ptr fs:[00000030h]8_2_01AE6259
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADA250 mov eax, dword ptr fs:[00000030h]8_2_01ADA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B045B1 mov eax, dword ptr fs:[00000030h]8_2_01B045B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B045B1 mov eax, dword ptr fs:[00000030h]8_2_01B045B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B605A7 mov eax, dword ptr fs:[00000030h]8_2_01B605A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B605A7 mov eax, dword ptr fs:[00000030h]8_2_01B605A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B605A7 mov eax, dword ptr fs:[00000030h]8_2_01B605A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE2582 mov eax, dword ptr fs:[00000030h]8_2_01AE2582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE2582 mov ecx, dword ptr fs:[00000030h]8_2_01AE2582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E59C mov eax, dword ptr fs:[00000030h]8_2_01B1E59C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B14588 mov eax, dword ptr fs:[00000030h]8_2_01B14588
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE25E0 mov eax, dword ptr fs:[00000030h]8_2_01AE25E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h]8_2_01B0E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h]8_2_01B0E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h]8_2_01B0E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h]8_2_01B0E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h]8_2_01B0E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h]8_2_01B0E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h]8_2_01B0E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E5E7 mov eax, dword ptr fs:[00000030h]8_2_01B0E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1C5ED mov eax, dword ptr fs:[00000030h]8_2_01B1C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1C5ED mov eax, dword ptr fs:[00000030h]8_2_01B1C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1A5D0 mov eax, dword ptr fs:[00000030h]8_2_01B1A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1A5D0 mov eax, dword ptr fs:[00000030h]8_2_01B1A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E5CF mov eax, dword ptr fs:[00000030h]8_2_01B1E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E5CF mov eax, dword ptr fs:[00000030h]8_2_01B1E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE65D0 mov eax, dword ptr fs:[00000030h]8_2_01AE65D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E53E mov eax, dword ptr fs:[00000030h]8_2_01B0E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E53E mov eax, dword ptr fs:[00000030h]8_2_01B0E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E53E mov eax, dword ptr fs:[00000030h]8_2_01B0E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E53E mov eax, dword ptr fs:[00000030h]8_2_01B0E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E53E mov eax, dword ptr fs:[00000030h]8_2_01B0E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0535 mov eax, dword ptr fs:[00000030h]8_2_01AF0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0535 mov eax, dword ptr fs:[00000030h]8_2_01AF0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0535 mov eax, dword ptr fs:[00000030h]8_2_01AF0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0535 mov eax, dword ptr fs:[00000030h]8_2_01AF0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0535 mov eax, dword ptr fs:[00000030h]8_2_01AF0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0535 mov eax, dword ptr fs:[00000030h]8_2_01AF0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B76500 mov eax, dword ptr fs:[00000030h]8_2_01B76500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h]8_2_01BB4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h]8_2_01BB4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h]8_2_01BB4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h]8_2_01BB4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h]8_2_01BB4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h]8_2_01BB4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB4500 mov eax, dword ptr fs:[00000030h]8_2_01BB4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1656A mov eax, dword ptr fs:[00000030h]8_2_01B1656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1656A mov eax, dword ptr fs:[00000030h]8_2_01B1656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1656A mov eax, dword ptr fs:[00000030h]8_2_01B1656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE8550 mov eax, dword ptr fs:[00000030h]8_2_01AE8550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE8550 mov eax, dword ptr fs:[00000030h]8_2_01AE8550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B144B0 mov ecx, dword ptr fs:[00000030h]8_2_01B144B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE64AB mov eax, dword ptr fs:[00000030h]8_2_01AE64AB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6A4B0 mov eax, dword ptr fs:[00000030h]8_2_01B6A4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B9A49A mov eax, dword ptr fs:[00000030h]8_2_01B9A49A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE04E5 mov ecx, dword ptr fs:[00000030h]8_2_01AE04E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1A430 mov eax, dword ptr fs:[00000030h]8_2_01B1A430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADC427 mov eax, dword ptr fs:[00000030h]8_2_01ADC427
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADE420 mov eax, dword ptr fs:[00000030h]8_2_01ADE420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADE420 mov eax, dword ptr fs:[00000030h]8_2_01ADE420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADE420 mov eax, dword ptr fs:[00000030h]8_2_01ADE420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h]8_2_01B66420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h]8_2_01B66420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h]8_2_01B66420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h]8_2_01B66420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h]8_2_01B66420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h]8_2_01B66420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B66420 mov eax, dword ptr fs:[00000030h]8_2_01B66420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B18402 mov eax, dword ptr fs:[00000030h]8_2_01B18402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B18402 mov eax, dword ptr fs:[00000030h]8_2_01B18402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B18402 mov eax, dword ptr fs:[00000030h]8_2_01B18402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0A470 mov eax, dword ptr fs:[00000030h]8_2_01B0A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0A470 mov eax, dword ptr fs:[00000030h]8_2_01B0A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0A470 mov eax, dword ptr fs:[00000030h]8_2_01B0A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6C460 mov ecx, dword ptr fs:[00000030h]8_2_01B6C460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0245A mov eax, dword ptr fs:[00000030h]8_2_01B0245A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B9A456 mov eax, dword ptr fs:[00000030h]8_2_01B9A456
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AD645D mov eax, dword ptr fs:[00000030h]8_2_01AD645D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h]8_2_01B1E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h]8_2_01B1E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h]8_2_01B1E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h]8_2_01B1E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h]8_2_01B1E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h]8_2_01B1E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h]8_2_01B1E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1E443 mov eax, dword ptr fs:[00000030h]8_2_01B1E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE07AF mov eax, dword ptr fs:[00000030h]8_2_01AE07AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B947A0 mov eax, dword ptr fs:[00000030h]8_2_01B947A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8678E mov eax, dword ptr fs:[00000030h]8_2_01B8678E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE47FB mov eax, dword ptr fs:[00000030h]8_2_01AE47FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE47FB mov eax, dword ptr fs:[00000030h]8_2_01AE47FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6E7E1 mov eax, dword ptr fs:[00000030h]8_2_01B6E7E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B027ED mov eax, dword ptr fs:[00000030h]8_2_01B027ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B027ED mov eax, dword ptr fs:[00000030h]8_2_01B027ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B027ED mov eax, dword ptr fs:[00000030h]8_2_01B027ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEC7C0 mov eax, dword ptr fs:[00000030h]8_2_01AEC7C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B607C3 mov eax, dword ptr fs:[00000030h]8_2_01B607C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5C730 mov eax, dword ptr fs:[00000030h]8_2_01B5C730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1273C mov eax, dword ptr fs:[00000030h]8_2_01B1273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1273C mov ecx, dword ptr fs:[00000030h]8_2_01B1273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1273C mov eax, dword ptr fs:[00000030h]8_2_01B1273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1C720 mov eax, dword ptr fs:[00000030h]8_2_01B1C720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1C720 mov eax, dword ptr fs:[00000030h]8_2_01B1C720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B10710 mov eax, dword ptr fs:[00000030h]8_2_01B10710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1C700 mov eax, dword ptr fs:[00000030h]8_2_01B1C700
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE0710 mov eax, dword ptr fs:[00000030h]8_2_01AE0710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE8770 mov eax, dword ptr fs:[00000030h]8_2_01AE8770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h]8_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h]8_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h]8_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h]8_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h]8_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h]8_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h]8_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h]8_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h]8_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h]8_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h]8_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0770 mov eax, dword ptr fs:[00000030h]8_2_01AF0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22750 mov eax, dword ptr fs:[00000030h]8_2_01B22750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22750 mov eax, dword ptr fs:[00000030h]8_2_01B22750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B64755 mov eax, dword ptr fs:[00000030h]8_2_01B64755
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6E75D mov eax, dword ptr fs:[00000030h]8_2_01B6E75D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1674D mov esi, dword ptr fs:[00000030h]8_2_01B1674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1674D mov eax, dword ptr fs:[00000030h]8_2_01B1674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1674D mov eax, dword ptr fs:[00000030h]8_2_01B1674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE0750 mov eax, dword ptr fs:[00000030h]8_2_01AE0750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B166B0 mov eax, dword ptr fs:[00000030h]8_2_01B166B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1C6A6 mov eax, dword ptr fs:[00000030h]8_2_01B1C6A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE4690 mov eax, dword ptr fs:[00000030h]8_2_01AE4690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE4690 mov eax, dword ptr fs:[00000030h]8_2_01AE4690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5E6F2 mov eax, dword ptr fs:[00000030h]8_2_01B5E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5E6F2 mov eax, dword ptr fs:[00000030h]8_2_01B5E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5E6F2 mov eax, dword ptr fs:[00000030h]8_2_01B5E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5E6F2 mov eax, dword ptr fs:[00000030h]8_2_01B5E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B606F1 mov eax, dword ptr fs:[00000030h]8_2_01B606F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B606F1 mov eax, dword ptr fs:[00000030h]8_2_01B606F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1A6C7 mov ebx, dword ptr fs:[00000030h]8_2_01B1A6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1A6C7 mov eax, dword ptr fs:[00000030h]8_2_01B1A6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE262C mov eax, dword ptr fs:[00000030h]8_2_01AE262C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFE627 mov eax, dword ptr fs:[00000030h]8_2_01AFE627
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B16620 mov eax, dword ptr fs:[00000030h]8_2_01B16620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B18620 mov eax, dword ptr fs:[00000030h]8_2_01B18620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h]8_2_01AF260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h]8_2_01AF260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h]8_2_01AF260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h]8_2_01AF260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h]8_2_01AF260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h]8_2_01AF260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF260B mov eax, dword ptr fs:[00000030h]8_2_01AF260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B22619 mov eax, dword ptr fs:[00000030h]8_2_01B22619
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5E609 mov eax, dword ptr fs:[00000030h]8_2_01B5E609
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B12674 mov eax, dword ptr fs:[00000030h]8_2_01B12674
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1A660 mov eax, dword ptr fs:[00000030h]8_2_01B1A660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1A660 mov eax, dword ptr fs:[00000030h]8_2_01B1A660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA866E mov eax, dword ptr fs:[00000030h]8_2_01BA866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA866E mov eax, dword ptr fs:[00000030h]8_2_01BA866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AFC640 mov eax, dword ptr fs:[00000030h]8_2_01AFC640
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE09AD mov eax, dword ptr fs:[00000030h]8_2_01AE09AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE09AD mov eax, dword ptr fs:[00000030h]8_2_01AE09AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B689B3 mov esi, dword ptr fs:[00000030h]8_2_01B689B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B689B3 mov eax, dword ptr fs:[00000030h]8_2_01B689B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B689B3 mov eax, dword ptr fs:[00000030h]8_2_01B689B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF29A0 mov eax, dword ptr fs:[00000030h]8_2_01AF29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B129F9 mov eax, dword ptr fs:[00000030h]8_2_01B129F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B129F9 mov eax, dword ptr fs:[00000030h]8_2_01B129F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6E9E0 mov eax, dword ptr fs:[00000030h]8_2_01B6E9E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B149D0 mov eax, dword ptr fs:[00000030h]8_2_01B149D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAA9D3 mov eax, dword ptr fs:[00000030h]8_2_01BAA9D3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B769C0 mov eax, dword ptr fs:[00000030h]8_2_01B769C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA9D0 mov eax, dword ptr fs:[00000030h]8_2_01AEA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA9D0 mov eax, dword ptr fs:[00000030h]8_2_01AEA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA9D0 mov eax, dword ptr fs:[00000030h]8_2_01AEA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA9D0 mov eax, dword ptr fs:[00000030h]8_2_01AEA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA9D0 mov eax, dword ptr fs:[00000030h]8_2_01AEA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEA9D0 mov eax, dword ptr fs:[00000030h]8_2_01AEA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6892A mov eax, dword ptr fs:[00000030h]8_2_01B6892A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B7892B mov eax, dword ptr fs:[00000030h]8_2_01B7892B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6C912 mov eax, dword ptr fs:[00000030h]8_2_01B6C912
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AD8918 mov eax, dword ptr fs:[00000030h]8_2_01AD8918
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AD8918 mov eax, dword ptr fs:[00000030h]8_2_01AD8918
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5E908 mov eax, dword ptr fs:[00000030h]8_2_01B5E908
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5E908 mov eax, dword ptr fs:[00000030h]8_2_01B5E908
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B84978 mov eax, dword ptr fs:[00000030h]8_2_01B84978
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B84978 mov eax, dword ptr fs:[00000030h]8_2_01B84978
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6C97C mov eax, dword ptr fs:[00000030h]8_2_01B6C97C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B06962 mov eax, dword ptr fs:[00000030h]8_2_01B06962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B06962 mov eax, dword ptr fs:[00000030h]8_2_01B06962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B06962 mov eax, dword ptr fs:[00000030h]8_2_01B06962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B2096E mov eax, dword ptr fs:[00000030h]8_2_01B2096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B2096E mov edx, dword ptr fs:[00000030h]8_2_01B2096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B2096E mov eax, dword ptr fs:[00000030h]8_2_01B2096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B60946 mov eax, dword ptr fs:[00000030h]8_2_01B60946
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB4940 mov eax, dword ptr fs:[00000030h]8_2_01BB4940
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE0887 mov eax, dword ptr fs:[00000030h]8_2_01AE0887
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6C89D mov eax, dword ptr fs:[00000030h]8_2_01B6C89D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1C8F9 mov eax, dword ptr fs:[00000030h]8_2_01B1C8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1C8F9 mov eax, dword ptr fs:[00000030h]8_2_01B1C8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAA8E4 mov eax, dword ptr fs:[00000030h]8_2_01BAA8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0E8C0 mov eax, dword ptr fs:[00000030h]8_2_01B0E8C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB08C0 mov eax, dword ptr fs:[00000030h]8_2_01BB08C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1A830 mov eax, dword ptr fs:[00000030h]8_2_01B1A830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8483A mov eax, dword ptr fs:[00000030h]8_2_01B8483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8483A mov eax, dword ptr fs:[00000030h]8_2_01B8483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B02835 mov eax, dword ptr fs:[00000030h]8_2_01B02835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B02835 mov eax, dword ptr fs:[00000030h]8_2_01B02835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B02835 mov eax, dword ptr fs:[00000030h]8_2_01B02835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B02835 mov ecx, dword ptr fs:[00000030h]8_2_01B02835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B02835 mov eax, dword ptr fs:[00000030h]8_2_01B02835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B02835 mov eax, dword ptr fs:[00000030h]8_2_01B02835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6C810 mov eax, dword ptr fs:[00000030h]8_2_01B6C810
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6E872 mov eax, dword ptr fs:[00000030h]8_2_01B6E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6E872 mov eax, dword ptr fs:[00000030h]8_2_01B6E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B76870 mov eax, dword ptr fs:[00000030h]8_2_01B76870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B76870 mov eax, dword ptr fs:[00000030h]8_2_01B76870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B10854 mov eax, dword ptr fs:[00000030h]8_2_01B10854
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF2840 mov ecx, dword ptr fs:[00000030h]8_2_01AF2840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE4859 mov eax, dword ptr fs:[00000030h]8_2_01AE4859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE4859 mov eax, dword ptr fs:[00000030h]8_2_01AE4859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B94BB0 mov eax, dword ptr fs:[00000030h]8_2_01B94BB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B94BB0 mov eax, dword ptr fs:[00000030h]8_2_01B94BB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0BBE mov eax, dword ptr fs:[00000030h]8_2_01AF0BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AF0BBE mov eax, dword ptr fs:[00000030h]8_2_01AF0BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6CBF0 mov eax, dword ptr fs:[00000030h]8_2_01B6CBF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0EBFC mov eax, dword ptr fs:[00000030h]8_2_01B0EBFC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE8BF0 mov eax, dword ptr fs:[00000030h]8_2_01AE8BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE8BF0 mov eax, dword ptr fs:[00000030h]8_2_01AE8BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE8BF0 mov eax, dword ptr fs:[00000030h]8_2_01AE8BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE0BCD mov eax, dword ptr fs:[00000030h]8_2_01AE0BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE0BCD mov eax, dword ptr fs:[00000030h]8_2_01AE0BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE0BCD mov eax, dword ptr fs:[00000030h]8_2_01AE0BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8EBD0 mov eax, dword ptr fs:[00000030h]8_2_01B8EBD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B00BCB mov eax, dword ptr fs:[00000030h]8_2_01B00BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B00BCB mov eax, dword ptr fs:[00000030h]8_2_01B00BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B00BCB mov eax, dword ptr fs:[00000030h]8_2_01B00BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0EB20 mov eax, dword ptr fs:[00000030h]8_2_01B0EB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0EB20 mov eax, dword ptr fs:[00000030h]8_2_01B0EB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA8B28 mov eax, dword ptr fs:[00000030h]8_2_01BA8B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BA8B28 mov eax, dword ptr fs:[00000030h]8_2_01BA8B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h]8_2_01B5EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h]8_2_01B5EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h]8_2_01B5EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h]8_2_01B5EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h]8_2_01B5EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h]8_2_01B5EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h]8_2_01B5EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h]8_2_01B5EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5EB1D mov eax, dword ptr fs:[00000030h]8_2_01B5EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB4B00 mov eax, dword ptr fs:[00000030h]8_2_01BB4B00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01ADCB7E mov eax, dword ptr fs:[00000030h]8_2_01ADCB7E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8EB50 mov eax, dword ptr fs:[00000030h]8_2_01B8EB50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB2B57 mov eax, dword ptr fs:[00000030h]8_2_01BB2B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB2B57 mov eax, dword ptr fs:[00000030h]8_2_01BB2B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB2B57 mov eax, dword ptr fs:[00000030h]8_2_01BB2B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB2B57 mov eax, dword ptr fs:[00000030h]8_2_01BB2B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B94B4B mov eax, dword ptr fs:[00000030h]8_2_01B94B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B94B4B mov eax, dword ptr fs:[00000030h]8_2_01B94B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B76B40 mov eax, dword ptr fs:[00000030h]8_2_01B76B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B76B40 mov eax, dword ptr fs:[00000030h]8_2_01B76B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BAAB40 mov eax, dword ptr fs:[00000030h]8_2_01BAAB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B88B42 mov eax, dword ptr fs:[00000030h]8_2_01B88B42
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AD8B50 mov eax, dword ptr fs:[00000030h]8_2_01AD8B50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE8AA0 mov eax, dword ptr fs:[00000030h]8_2_01AE8AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE8AA0 mov eax, dword ptr fs:[00000030h]8_2_01AE8AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B36AA4 mov eax, dword ptr fs:[00000030h]8_2_01B36AA4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B18A90 mov edx, dword ptr fs:[00000030h]8_2_01B18A90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h]8_2_01AEEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h]8_2_01AEEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h]8_2_01AEEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h]8_2_01AEEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h]8_2_01AEEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h]8_2_01AEEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h]8_2_01AEEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h]8_2_01AEEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AEEA80 mov eax, dword ptr fs:[00000030h]8_2_01AEEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01BB4A80 mov eax, dword ptr fs:[00000030h]8_2_01BB4A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1AAEE mov eax, dword ptr fs:[00000030h]8_2_01B1AAEE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1AAEE mov eax, dword ptr fs:[00000030h]8_2_01B1AAEE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B14AD0 mov eax, dword ptr fs:[00000030h]8_2_01B14AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B14AD0 mov eax, dword ptr fs:[00000030h]8_2_01B14AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01AE0AD0 mov eax, dword ptr fs:[00000030h]8_2_01AE0AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B36ACC mov eax, dword ptr fs:[00000030h]8_2_01B36ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B36ACC mov eax, dword ptr fs:[00000030h]8_2_01B36ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B36ACC mov eax, dword ptr fs:[00000030h]8_2_01B36ACC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B04A35 mov eax, dword ptr fs:[00000030h]8_2_01B04A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B04A35 mov eax, dword ptr fs:[00000030h]8_2_01B04A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1CA38 mov eax, dword ptr fs:[00000030h]8_2_01B1CA38
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1CA24 mov eax, dword ptr fs:[00000030h]8_2_01B1CA24
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B0EA2E mov eax, dword ptr fs:[00000030h]8_2_01B0EA2E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B6CA11 mov eax, dword ptr fs:[00000030h]8_2_01B6CA11
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5CA72 mov eax, dword ptr fs:[00000030h]8_2_01B5CA72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B5CA72 mov eax, dword ptr fs:[00000030h]8_2_01B5CA72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B8EA60 mov eax, dword ptr fs:[00000030h]8_2_01B8EA60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeCode function: 8_2_01B1CA6F mov eax, dword ptr fs:[00000030h]8_2_01B1CA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Adds a directory exclusion to Windows Defender
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"Jump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeMemory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: Amcache.hve.11.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.11.drBinary or memory string: msmpeng.exe
          Source: Amcache.hve.11.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.11.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
          Source: Amcache.hve.11.drBinary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.2.SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
          DLL Side-Loading          		111
          Process Injection          		1
          Masquerading          		OS Credential Dumping31
          Security Software Discovery          		Remote Services1
          Archive Collected Data          		1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
          DLL Side-Loading          		11
          Disable or Modify Tools          		LSASS Memory1
          Process Discovery          		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
          Virtualization/Sandbox Evasion          		Security Account Manager41
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          File and Directory Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
          Obfuscated Files or Information          		Cached Domain Credentials12
          System Information Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
          Software Packing          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          DLL Side-Loading          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 1539814 Sample: SecuriteInfo.com.Win32.Malw... Startdate: 23/10/2024 Architecture: WINDOWS Score: 100 28 Malicious sample detected (through community Yara rule) 2->28 30 Multi AV Scanner detection for submitted file 2->30 32 Yara detected FormBook 2->32 34 5 other signatures 2->34 7 SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe 4 2->7         started        process3 file4 26 SecuriteInfo.com.W...12389.27465.exe.log, ASCII 7->26 dropped 36 Adds a directory exclusion to Windows Defender 7->36 38 Injects a PE file into a foreign processes 7->38 11 powershell.exe 23 7->11         started        14 SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe 7->14         started        16 SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe 7->16         started        18 2 other processes 7->18 signatures5 process6 signatures7 40 Loading BitLocker PowerShell Module 11->40 20 WmiPrvSE.exe 11->20         started        22 conhost.exe 11->22         started        24 WerFault.exe 22 16 14->24         started        process8

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe29%ReversingLabs
          SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://upx.sf.net0%URL Reputationsafe
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://upx.sf.netAmcache.hve.11.drfalse
          • URL Reputation: safe
          		unknown
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe, 00000000.00000002.2167000791.000000000341A000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown

          World Map of Contacted IPs

          No contacted IP infos

          General Information

          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1539814
          Start date and time:2024-10-23 07:22:09 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 6m 52s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:15
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@14/11@0/0
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 97%
          • Number of executed functions: 33
          • Number of non-executed functions: 280
          Cookbook Comments:
          • Found application associated with file extension: .exe

          Warnings

          • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 20.42.73.29
          • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, login.live.com, otelrules.azureedge.net, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtCreateKey calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • VT rate limit hit for: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe

          Simulations

          Behavior and APIs

          TimeTypeDescription
          01:23:04API Interceptor1x Sleep call for process: SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe modified
          01:23:06API Interceptor19x Sleep call for process: powershell.exe modified
          01:23:10API Interceptor1x Sleep call for process: WerFault.exe modified

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASNs

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_9ef9adec14cb67e5b93e280a93ea66df0288344_b85c1e09_f7cae732-7d63-4546-9e2f-a521c905854d\Report.wer

          Download File
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.6715821984789685
          Encrypted:false
          SSDEEP:96:CroFfy8cCmt2HsUC5eQUfiQXIDcQvc6QcEVcw3cE/3+HbHsZAX/d5FMT2SlPkpXK:19aCq2Hb0BU/QjlzuiFQZ24IO8y
          MD5:A33FDBD961B0D2548B35F0A093E7422A
          SHA1:22858BEBF1B0E1CED4C2C3F1D5715600FAC0689B
          SHA-256:35D1C77089C0EA7574B778AB92E54BA74D2A171736367C7075875F9074AEABAF
          SHA-512:3E8AEA9D9BF7853CE63215FBF4B40290C24312321E8BAA169FCA54EF61B36F52A0B1FF65F21F38E09F53EB7F0988069AE9AF4F1C82B0861CCC770C277037D0FC
          Malicious:false
          Reputation:low
          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.4.1.3.4.5.8.7.4.0.5.5.0.7.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.4.1.3.4.5.8.7.9.0.5.4.9.7.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.7.c.a.e.7.3.2.-.7.d.6.3.-.4.5.4.6.-.9.e.2.f.-.a.5.2.1.c.9.0.5.8.5.4.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.3.3.2.8.c.2.9.-.0.2.c.9.-.4.6.2.0.-.a.9.4.9.-.c.2.b.4.d.4.e.9.7.5.f.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.3.2...M.a.l.w.a.r.e.X.-.g.e.n...1.2.3.8.9...2.7.4.6.5...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.B.a.z.Q...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.8.6.c.-.0.0.0.1.-.0.0.1.5.-.3.5.3.d.-.5.a.a.3.0.b.2.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.2.8.c.0.f.9.0.6.6.d.0.3.c.2.8.1.3.5.9.5.9.f.9.d.e.1.7.6.3.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.e.4.

          C:\ProgramData\Microsoft\Windows\WER\Temp\WERAADC.tmp.dmp

          Download File
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Mini DuMP crash report, 14 streams, Wed Oct 23 05:23:07 2024, 0x1205a4 type
          Category:dropped
          Size (bytes):24638
          Entropy (8bit):1.830051919958667
          Encrypted:false
          SSDEEP:96:5R8S6CEfkF7Ujjz6ni7wd9HfyESS8rKVkjS68LWx4WqWPNipwQNo2tO5XWIOWIZD:oKGj6nOSHaE5yPNipDo0y0uHUX
          MD5:C7986CC19CA939B9789AD41CAF0F8157
          SHA1:86573706ADCE6FF024A85E7DA5E2F1D577CBE69D
          SHA-256:743D961C60CE20678E4A86F794D46EB6ED143EA8FF49AE7FF89180E55ED23580
          SHA-512:9EF1927E400CBF00A9FA407EC99083048F2A1700FB7EDA646CC81959BF4877405A2B0ABD4F89B47508A16336EADA76DEBFC27ACC19F40B4A440947074471F56B
          Malicious:false
          Reputation:low
          Preview:MDMP..a..... .......;..g............4...............<.......t...8...........T.......8...........T...........0....X......................................................................................................eJ......L.......GenuineIntel............T.......l...9..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

          C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB5A.tmp.WERInternalMetadata.xml

          Download File
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):8588
          Entropy (8bit):3.702034438997304
          Encrypted:false
          SSDEEP:192:R6l7wVeJgP6yXE6YxY6RggmfRCprw89b5b4sfqmTjm:R6lXJI6y06Yu62gmfR65brfqi6
          MD5:93FB0996672746BA7A5B1876E1C5AA0D
          SHA1:44C8B6C3760900E8F92842583D8C63FCB295500A
          SHA-256:48125EADAC8E9E62A60CC215FB55C36FD7162BF31E6D0A3EAB1CF58E3B9B9D21
          SHA-512:9F462BA9970D4D15F47561B3920016CB2D1D19806CB1BFD9E80266668C1063EDA01C1FC164033D9BC1D86BDE590169C6C4964FDC2831F2DD1B2ED4F9A09FBCD8
          Malicious:false
          Reputation:low
          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.1.5.6.<./.P.i.

          C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB9A.tmp.xml

          Download File
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):4897
          Entropy (8bit):4.5704931837139675
          Encrypted:false
          SSDEEP:48:cvIwWl8zsCJg77aI9upWpW8VYXYm8M4JjIUzQkeFJ0+q8kY+SsMQWF+99pMuMFd:uIjfQI74Y7VPJjI1UTh4va9pMuMFd
          MD5:C48EE431C7A39661305757057B99D33C
          SHA1:0D12B3FBA0F0FB8A3204F7C0D9DB487FF7E9F8B6
          SHA-256:74C7A790AD0E89C93FD9B18829838029D34AB92CEC163AB5C2068CB1397CA57D
          SHA-512:DB7B58FC87330D6723020E91623452FC0E15B2E3FCC366F3DC7560FF0AD0BE6AC205CD8EF441C2AC09839D66A68B1EC7918006FB06472AB6FC420193E4A9E3E4
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="555625" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.log

          Download File
          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1216
          Entropy (8bit):5.34331486778365
          Encrypted:false
          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
          MD5:1330C80CAAC9A0FB172F202485E9B1E8
          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
          Malicious:true
          Reputation:high, very likely benign file
          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

          Download File
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:data
          Category:dropped
          Size (bytes):2232
          Entropy (8bit):5.380285623575084
          Encrypted:false
          SSDEEP:48:+WSU4xympjgZ9tz4RIoUl8NPZHUl7u1iMuge//8M0Uyus:+LHxvCZfIfSKRHmOugw1s
          MD5:5D749274E535FF29A6A69E96436D4C62
          SHA1:9B178691836312C7727A6567871ABB37E785EF09
          SHA-256:4A9BE34C28ABD7A4F8DECD7ECC5C1A64D79B9142DE393FBF6A46B67D09D832E1
          SHA-512:C02325745B91C9765C167AA7A53A2BEF44D448A811920C9931E8F17E9E47B546362FEE9D39CCE5DB648735AFE0BFC8F08BF18A655D5F70663ECF61BE6A11208E
          Malicious:false
          Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f53wo0an.uor.ps1

          Download File
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):60
          Entropy (8bit):4.038920595031593
          Encrypted:false
          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
          MD5:D17FE0A3F47BE24A6453E9EF58C94641
          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
          Malicious:false
          Preview:# PowerShell test file to determine AppLocker lockdown mode

          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mzknhxrs.f1a.psm1

          Download File
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):60
          Entropy (8bit):4.038920595031593
          Encrypted:false
          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
          MD5:D17FE0A3F47BE24A6453E9EF58C94641
          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
          Malicious:false
          Preview:# PowerShell test file to determine AppLocker lockdown mode

          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1a1a0qn.4j4.psm1

          Download File
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):60
          Entropy (8bit):4.038920595031593
          Encrypted:false
          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
          MD5:D17FE0A3F47BE24A6453E9EF58C94641
          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
          Malicious:false
          Preview:# PowerShell test file to determine AppLocker lockdown mode

          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wikxdnls.0qy.ps1

          Download File
          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):60
          Entropy (8bit):4.038920595031593
          Encrypted:false
          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
          MD5:D17FE0A3F47BE24A6453E9EF58C94641
          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
          Malicious:false
          Preview:# PowerShell test file to determine AppLocker lockdown mode

          C:\Windows\appcompat\Programs\Amcache.hve

          Download File
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):1835008
          Entropy (8bit):4.468979136344798
          Encrypted:false
          SSDEEP:6144:CzZfpi6ceLPx9skLmb0fKZWSP3aJG8nAgeiJRMMhA2zX4WABluuNujDH5Sn:EZHtKZWOKnMM6bFpgj4n
          MD5:0BE2B63E9F4185CB6DF8CE8E6C949743
          SHA1:87A0782112CCF01ACD6D4D4EA9F897EF9FECE32C
          SHA-256:86EA2014465B612B3D66C3628BE7927C837C53003FD1473F628FE394AC0BD9D0
          SHA-512:B9E6641F4F792B3D47AD0F9A613CCB4F0135513292759E51112D57596D8FF118422C4F282713B3F33DB16B2F503EF71B046D114FCE01ED6784085C3AF0E6840C
          Malicious:false
          Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.....%..............................................................................................................................................................................................................................................................................................................................................[X..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Entropy (8bit):7.721993702333742
          TrID:
          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          • Win32 Executable (generic) a (10002005/4) 49.75%
          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
          • Windows Screen Saver (13104/52) 0.07%
          • Generic Win/DOS Executable (2004/3) 0.01%
          File name:SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          File size:786'944 bytes
          MD5:88219c96c3a3b4953d1ef76002f82282
          SHA1:e47ef493cc3ffeaa638f31ae6635b0f73420fb22
          SHA256:0e451ce1db9f82077de2d8f16f2010e3273795cff50c64ca515e7f9f0401022d
          SHA512:feb9d8e7425bc9d28942247fcdc86febfde5f989aa928387bf8588e5684cd3443a874e70c42169ada2e327d8dceaf6215ce6411332de297debf22846cf2ca781
          SSDEEP:12288:x3yQwPiejDXrlBRj4Mbd+n1suhhBVCYGKN5flO2B94w0B9Lu2HXqGa:KP5DXrl/j4Mbd+Dh0YXztL+w0BZNp
          TLSH:4BF4BDF03A227329DEA45935D629DDB592A31E68B004B9E3ADCC3B5735BD311AE0CF11
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....f.g..............0......"........... ........@.. .......................@............@................................

          File Icon

          Icon Hash:1769ececf1527106

          Static PE Info

          General

          Entrypoint:0x4bfd82
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0x671866CD [Wed Oct 23 03:00:29 2024 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

          Entrypoint Preview

          Instruction
          jmp dword ptr [00402000h]
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al
          add byte ptr [eax], al

          Data Directories

          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0xbfd300x4f.text
          IMAGE_DIRECTORY_ENTRY_RESOURCE0xc00000x1e08.rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC0xc20000xc.reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG0xbeac80x54.text
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

          Sections

          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x20000xbdd880xbde006a30b4e40e0e1149793eba4872594ecfFalse0.8767088236504279data7.725761342234378IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rsrc0xc00000x1e080x200086db585ea12f09501223dea011cde30cFalse0.852294921875data7.330121566504283IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc0xc20000xc0x2008c5d8725bb3af75bda2bc389ebd98f92False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

          Resources

          NameRVASizeTypeLanguageCountryZLIB Complexity
          RT_ICON0xc00c80x19d9PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9820160193441136
          RT_GROUP_ICON0xc1ab40x14data1.05
          RT_VERSION0xc1ad80x32cdata0.43226600985221675

          Imports

          DLLImport
          mscoree.dll_CorExeMain

          Network Behavior

          No network behavior found

          Statistics

          CPU Usage

          Click to jump to process

          Memory Usage

          Click to jump to process

          High Level Behavior Distribution

          Click to dive into process behavior distribution

          Behavior

          Click to jump to process

          System Behavior

          General

          Target ID:0
          Start time:01:23:04
          Start date:23/10/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Imagebase:0xe20000
          File size:786'944 bytes
          MD5 hash:88219C96C3A3B4953D1EF76002F82282
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          General

          Target ID:3
          Start time:01:23:05
          Start date:23/10/2024
          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          Wow64 process (32bit):true
          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Imagebase:0x1b0000
          File size:433'152 bytes
          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          General

          Target ID:4
          Start time:01:23:05
          Start date:23/10/2024
          Path:C:\Windows\System32\conhost.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Imagebase:0x7ff66e660000
          File size:862'208 bytes
          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          General

          Target ID:5
          Start time:01:23:05
          Start date:23/10/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Wow64 process (32bit):false
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Imagebase:0x60000
          File size:786'944 bytes
          MD5 hash:88219C96C3A3B4953D1EF76002F82282
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          General

          Target ID:6
          Start time:01:23:05
          Start date:23/10/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Wow64 process (32bit):false
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Imagebase:0x200000
          File size:786'944 bytes
          MD5 hash:88219C96C3A3B4953D1EF76002F82282
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          General

          Target ID:7
          Start time:01:23:05
          Start date:23/10/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Wow64 process (32bit):false
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Imagebase:0x140000
          File size:786'944 bytes
          MD5 hash:88219C96C3A3B4953D1EF76002F82282
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          General

          Target ID:8
          Start time:01:23:05
          Start date:23/10/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
          Imagebase:0xf70000
          File size:786'944 bytes
          MD5 hash:88219C96C3A3B4953D1EF76002F82282
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
          Reputation:low
          Has exited:true

          General

          Target ID:11
          Start time:01:23:07
          Start date:23/10/2024
          Path:C:\Windows\SysWOW64\WerFault.exe
          Wow64 process (32bit):true
          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 200
          Imagebase:0xb30000
          File size:483'680 bytes
          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          General

          Target ID:12
          Start time:01:23:08
          Start date:23/10/2024
          Path:C:\Windows\System32\wbem\WmiPrvSE.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
          Imagebase:0x7ff717f30000
          File size:496'640 bytes
          MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
          Has elevated privileges:true
          Has administrator privileges:false
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true

          Disassembly

          Reset < >

            Execution Graph

            Execution Coverage:9%
            Dynamic/Decrypted Code Coverage:100%
            Signature Coverage:0%
            Total number of Nodes:230
            Total number of Limit Nodes:9
            execution_graph 25992 5cad368 25993 5cad4f3 25992->25993 25995 5cad38e 25992->25995 25995->25993 25996 5ca9328 25995->25996 25997 5cad5e8 PostMessageW 25996->25997 25998 5cad654 25997->25998 25998->25995 26029 5ca7898 26030 5ca783c 26029->26030 26031 5ca7869 26030->26031 26034 5caa012 26030->26034 26038 5caa020 26030->26038 26035 5caa053 26034->26035 26036 5caa0c1 26035->26036 26042 5caa40a 26035->26042 26036->26031 26039 5caa053 26038->26039 26040 5caa0c1 26039->26040 26041 5caa40a ResumeThread 26039->26041 26040->26031 26041->26040 26043 5caa3da 26042->26043 26044 5caa40e ResumeThread 26042->26044 26043->26036 26046 5caa481 26044->26046 26046->26036 25999 30f4668 26000 30f4672 25999->26000 26002 30f4758 25999->26002 26003 30f477d 26002->26003 26007 30f4858 26003->26007 26011 30f4868 26003->26011 26009 30f4868 26007->26009 26008 30f496c 26008->26008 26009->26008 26015 30f44b4 26009->26015 26013 30f488f 26011->26013 26012 30f496c 26012->26012 26013->26012 26014 30f44b4 CreateActCtxA 26013->26014 26014->26012 26016 30f58f8 CreateActCtxA 26015->26016 26018 30f59bb 26016->26018 26018->26018 26047 5cab1d6 26054 5cabfb8 26047->26054 26070 5cac096 26047->26070 26086 5cac030 26047->26086 26101 5cac020 26047->26101 26116 5cabff9 26047->26116 26048 5cab1e5 26055 5cabfc6 26054->26055 26056 5cac021 26054->26056 26055->26048 26057 5cac052 26056->26057 26132 5cac7dd 26056->26132 26137 5cac6d9 26056->26137 26142 5cac979 26056->26142 26147 5cac49b 26056->26147 26152 5cacd04 26056->26152 26156 5cac968 26056->26156 26161 5cac46b 26056->26161 26166 5cac735 26056->26166 26171 5cac614 26056->26171 26176 5cac6b0 26056->26176 26181 5cac8d2 26056->26181 26188 5cac9bd 26056->26188 26057->26048 26071 5cac024 26070->26071 26072 5cac099 26070->26072 26073 5cac46b 2 API calls 26071->26073 26074 5cac968 2 API calls 26071->26074 26075 5cacd04 2 API calls 26071->26075 26076 5cac49b 2 API calls 26071->26076 26077 5cac979 2 API calls 26071->26077 26078 5cac6d9 2 API calls 26071->26078 26079 5cac7dd 2 API calls 26071->26079 26080 5cac9bd 2 API calls 26071->26080 26081 5cac8d2 4 API calls 26071->26081 26082 5cac6b0 2 API calls 26071->26082 26083 5cac052 26071->26083 26084 5cac614 2 API calls 26071->26084 26085 5cac735 2 API calls 26071->26085 26072->26048 26073->26083 26074->26083 26075->26083 26076->26083 26077->26083 26078->26083 26079->26083 26080->26083 26081->26083 26082->26083 26083->26048 26084->26083 26085->26083 26087 5cac04a 26086->26087 26088 5cac46b 2 API calls 26087->26088 26089 5cac968 2 API calls 26087->26089 26090 5cacd04 2 API calls 26087->26090 26091 5cac49b 2 API calls 26087->26091 26092 5cac979 2 API calls 26087->26092 26093 5cac6d9 2 API calls 26087->26093 26094 5cac7dd 2 API calls 26087->26094 26095 5cac9bd 2 API calls 26087->26095 26096 5cac8d2 4 API calls 26087->26096 26097 5cac6b0 2 API calls 26087->26097 26098 5cac052 26087->26098 26099 5cac614 2 API calls 26087->26099 26100 5cac735 2 API calls 26087->26100 26088->26098 26089->26098 26090->26098 26091->26098 26092->26098 26093->26098 26094->26098 26095->26098 26096->26098 26097->26098 26098->26048 26099->26098 26100->26098 26102 5cac024 26101->26102 26103 5cac052 26102->26103 26104 5cac46b 2 API calls 26102->26104 26105 5cac968 2 API calls 26102->26105 26106 5cacd04 2 API calls 26102->26106 26107 5cac49b 2 API calls 26102->26107 26108 5cac979 2 API calls 26102->26108 26109 5cac6d9 2 API calls 26102->26109 26110 5cac7dd 2 API calls 26102->26110 26111 5cac9bd 2 API calls 26102->26111 26112 5cac8d2 4 API calls 26102->26112 26113 5cac6b0 2 API calls 26102->26113 26114 5cac614 2 API calls 26102->26114 26115 5cac735 2 API calls 26102->26115 26103->26048 26104->26103 26105->26103 26106->26103 26107->26103 26108->26103 26109->26103 26110->26103 26111->26103 26112->26103 26113->26103 26114->26103 26115->26103 26117 5cabfb8 26116->26117 26118 5cac002 26116->26118 26119 5cabfc6 26117->26119 26120 5cac46b 2 API calls 26117->26120 26121 5cac968 2 API calls 26117->26121 26122 5cacd04 2 API calls 26117->26122 26123 5cac49b 2 API calls 26117->26123 26124 5cac979 2 API calls 26117->26124 26125 5cac6d9 2 API calls 26117->26125 26126 5cac7dd 2 API calls 26117->26126 26127 5cac9bd 2 API calls 26117->26127 26128 5cac8d2 4 API calls 26117->26128 26129 5cac6b0 2 API calls 26117->26129 26130 5cac614 2 API calls 26117->26130 26131 5cac735 2 API calls 26117->26131 26118->26048 26119->26048 26120->26119 26121->26119 26122->26119 26123->26119 26124->26119 26125->26119 26126->26119 26127->26119 26128->26119 26129->26119 26130->26119 26131->26119 26133 5cac7e3 26132->26133 26193 5cad2d8 26133->26193 26198 5cad2e8 26133->26198 26134 5cacbf4 26138 5cac6e6 26137->26138 26140 5cad2d8 2 API calls 26138->26140 26141 5cad2e8 2 API calls 26138->26141 26139 5cacbf4 26140->26139 26141->26139 26143 5cac8c6 26142->26143 26207 5caaa89 26143->26207 26211 5caaa90 26143->26211 26144 5cac70a 26144->26057 26148 5cac4a8 26147->26148 26215 5caad18 26148->26215 26219 5caad0c 26148->26219 26154 5caaa89 WriteProcessMemory 26152->26154 26155 5caaa90 WriteProcessMemory 26152->26155 26153 5cacd32 26154->26153 26155->26153 26157 5cace20 26156->26157 26223 5caa4c0 26157->26223 26227 5caa4ba 26157->26227 26158 5cace3b 26162 5cac49e 26161->26162 26164 5caad18 CreateProcessA 26162->26164 26165 5caad0c CreateProcessA 26162->26165 26163 5cac539 26163->26057 26164->26163 26165->26163 26167 5cac73e 26166->26167 26169 5caaa89 WriteProcessMemory 26167->26169 26170 5caaa90 WriteProcessMemory 26167->26170 26168 5caca5d 26168->26057 26169->26168 26170->26168 26172 5caccc2 26171->26172 26231 5caab79 26172->26231 26235 5caab80 26172->26235 26173 5cacce4 26177 5cacab0 26176->26177 26179 5caa4ba Wow64SetThreadContext 26177->26179 26180 5caa4c0 Wow64SetThreadContext 26177->26180 26178 5cac703 26178->26057 26179->26178 26180->26178 26239 5cad0c0 26181->26239 26244 5cad0d0 26181->26244 26182 5cac8c6 26183 5cac70a 26182->26183 26184 5caaa89 WriteProcessMemory 26182->26184 26185 5caaa90 WriteProcessMemory 26182->26185 26183->26057 26184->26183 26185->26183 26189 5cac7f4 26188->26189 26191 5cad2d8 2 API calls 26189->26191 26192 5cad2e8 2 API calls 26189->26192 26190 5cacbf4 26191->26190 26192->26190 26194 5cad2fd 26193->26194 26196 5caa40a ResumeThread 26194->26196 26203 5caa410 26194->26203 26195 5cad310 26195->26134 26196->26195 26199 5cad2fd 26198->26199 26201 5caa40a ResumeThread 26199->26201 26202 5caa410 ResumeThread 26199->26202 26200 5cad310 26200->26134 26201->26200 26202->26200 26204 5caa450 ResumeThread 26203->26204 26206 5caa481 26204->26206 26206->26195 26208 5caaad8 WriteProcessMemory 26207->26208 26210 5caab2f 26208->26210 26210->26144 26212 5caaad8 WriteProcessMemory 26211->26212 26214 5caab2f 26212->26214 26214->26144 26216 5caada1 26215->26216 26216->26216 26217 5caaf06 CreateProcessA 26216->26217 26218 5caaf63 26217->26218 26220 5caada1 26219->26220 26220->26220 26221 5caaf06 CreateProcessA 26220->26221 26222 5caaf63 26221->26222 26224 5caa505 Wow64SetThreadContext 26223->26224 26226 5caa54d 26224->26226 26226->26158 26228 5caa505 Wow64SetThreadContext 26227->26228 26230 5caa54d 26228->26230 26230->26158 26232 5caabcb ReadProcessMemory 26231->26232 26234 5caac0f 26232->26234 26234->26173 26236 5caabcb ReadProcessMemory 26235->26236 26238 5caac0f 26236->26238 26238->26173 26240 5cad0d0 26239->26240 26249 5caa9c8 26240->26249 26253 5caa9d0 26240->26253 26241 5cad104 26241->26182 26245 5cad0e5 26244->26245 26247 5caa9c8 VirtualAllocEx 26245->26247 26248 5caa9d0 VirtualAllocEx 26245->26248 26246 5cad104 26246->26182 26247->26246 26248->26246 26250 5caaa10 VirtualAllocEx 26249->26250 26252 5caaa4d 26250->26252 26252->26241 26254 5caaa10 VirtualAllocEx 26253->26254 26256 5caaa4d 26254->26256 26256->26241 26257 5ca76d6 26258 5ca76da 26257->26258 26259 5ca7694 26257->26259 26259->26257 26260 5caa012 ResumeThread 26259->26260 26261 5caa020 ResumeThread 26259->26261 26260->26259 26261->26259 26019 30fd000 26020 30fd046 GetCurrentProcess 26019->26020 26022 30fd098 GetCurrentThread 26020->26022 26023 30fd091 26020->26023 26024 30fd0ce 26022->26024 26025 30fd0d5 GetCurrentProcess 26022->26025 26023->26022 26024->26025 26026 30fd10b 26025->26026 26027 30fd133 GetCurrentThreadId 26026->26027 26028 30fd164 26027->26028 26262 30fd650 DuplicateHandle 26263 30fd6e6 26262->26263 26264 30fac70 26265 30fac7f 26264->26265 26268 30fad59 26264->26268 26273 30fad68 26264->26273 26269 30fad9c 26268->26269 26270 30fad79 26268->26270 26269->26265 26270->26269 26271 30fafa0 GetModuleHandleW 26270->26271 26272 30fafcd 26271->26272 26272->26265 26274 30fad79 26273->26274 26275 30fad9c 26273->26275 26274->26275 26276 30fafa0 GetModuleHandleW 26274->26276 26275->26265 26277 30fafcd 26276->26277 26277->26265

            Executed Functions

            Function 030FCFF0 Relevance: 6.1, APIs: 4, Instructions: 131threadCOMMON
            Download Yara Rule

            Control-flow Graph

            APIs
            • GetCurrentProcess.KERNEL32 ref: 030FD07E
            • GetCurrentThread.KERNEL32 ref: 030FD0BB
            • GetCurrentProcess.KERNEL32 ref: 030FD0F8
            • GetCurrentThreadId.KERNEL32 ref: 030FD151
            Memory Dump Source
            • Source File: 00000000.00000002.2166233983.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Current$ProcessThread
            • String ID:
            • API String ID: 2063062207-0
            • Opcode ID: 041930672f2886676410c08e5eda26ec52c94635a8d557d43c7c69018b29397d
            • Instruction ID: a4ac1a165b880b8904c36f4d723e64e60e7a84075e224a5b5df50ed2833910ef
            • Opcode Fuzzy Hash: 041930672f2886676410c08e5eda26ec52c94635a8d557d43c7c69018b29397d
            • Instruction Fuzzy Hash: 0F5155B0901749CFDB54CFA9D548BAEBFF1EB89304F24845AE109A7760DB34A844CB65
            Function 030FD000 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
            Download Yara Rule

            Control-flow Graph

            APIs
            • GetCurrentProcess.KERNEL32 ref: 030FD07E
            • GetCurrentThread.KERNEL32 ref: 030FD0BB
            • GetCurrentProcess.KERNEL32 ref: 030FD0F8
            • GetCurrentThreadId.KERNEL32 ref: 030FD151
            Memory Dump Source
            • Source File: 00000000.00000002.2166233983.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Current$ProcessThread
            • String ID:
            • API String ID: 2063062207-0
            • Opcode ID: cabc1e40fc1ea5da1495634fbea993fd659fb19b3d1a501f2f14840ee66b1ace
            • Instruction ID: 608fe8e8a5328fe8836d9366c5de88e437adbda5499b81ab1c7905cc06912c45
            • Opcode Fuzzy Hash: cabc1e40fc1ea5da1495634fbea993fd659fb19b3d1a501f2f14840ee66b1ace
            • Instruction Fuzzy Hash: 3B5175B0901309CFDB54CFAAD548BAEBFF1EF88300F24845AE108A7360DB34A844CB65
            Function 05CAAD0C Relevance: 1.7, APIs: 1, Instructions: 248processCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 44 5caad0c-5caadad 46 5caadaf-5caadb9 44->46 47 5caade6-5caae06 44->47 46->47 48 5caadbb-5caadbd 46->48 52 5caae08-5caae12 47->52 53 5caae3f-5caae6e 47->53 50 5caadbf-5caadc9 48->50 51 5caade0-5caade3 48->51 54 5caadcb 50->54 55 5caadcd-5caaddc 50->55 51->47 52->53 56 5caae14-5caae16 52->56 63 5caae70-5caae7a 53->63 64 5caaea7-5caaf61 CreateProcessA 53->64 54->55 55->55 57 5caadde 55->57 58 5caae18-5caae22 56->58 59 5caae39-5caae3c 56->59 57->51 61 5caae26-5caae35 58->61 62 5caae24 58->62 59->53 61->61 65 5caae37 61->65 62->61 63->64 66 5caae7c-5caae7e 63->66 75 5caaf6a-5caaff0 64->75 76 5caaf63-5caaf69 64->76 65->59 68 5caae80-5caae8a 66->68 69 5caaea1-5caaea4 66->69 70 5caae8e-5caae9d 68->70 71 5caae8c 68->71 69->64 70->70 72 5caae9f 70->72 71->70 72->69 86 5caaff2-5caaff6 75->86 87 5cab000-5cab004 75->87 76->75 86->87 90 5caaff8 86->90 88 5cab006-5cab00a 87->88 89 5cab014-5cab018 87->89 88->89 91 5cab00c 88->91 92 5cab01a-5cab01e 89->92 93 5cab028-5cab02c 89->93 90->87 91->89 92->93 94 5cab020 92->94 95 5cab03e-5cab045 93->95 96 5cab02e-5cab034 93->96 94->93 97 5cab05c 95->97 98 5cab047-5cab056 95->98 96->95 99 5cab05d 97->99 98->97 99->99
            APIs
            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05CAAF4E
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateProcess
            • String ID:
            • API String ID: 963392458-0
            • Opcode ID: 28871c802f9f7d54839db3edbf9b1b3319d6c7eb7edabbb6e39df5d308a224a6
            • Instruction ID: 7546a06d026c901aa185695ba4bceae48badea362d3c78463b8e6e7ec27c0444
            • Opcode Fuzzy Hash: 28871c802f9f7d54839db3edbf9b1b3319d6c7eb7edabbb6e39df5d308a224a6
            • Instruction Fuzzy Hash: 40A18D71D0065ADFEB24CF68CC41BEDBBB2BF48304F048569D859A7280D7748A85CF91
            Function 05CAAD18 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 101 5caad18-5caadad 103 5caadaf-5caadb9 101->103 104 5caade6-5caae06 101->104 103->104 105 5caadbb-5caadbd 103->105 109 5caae08-5caae12 104->109 110 5caae3f-5caae6e 104->110 107 5caadbf-5caadc9 105->107 108 5caade0-5caade3 105->108 111 5caadcb 107->111 112 5caadcd-5caaddc 107->112 108->104 109->110 113 5caae14-5caae16 109->113 120 5caae70-5caae7a 110->120 121 5caaea7-5caaf61 CreateProcessA 110->121 111->112 112->112 114 5caadde 112->114 115 5caae18-5caae22 113->115 116 5caae39-5caae3c 113->116 114->108 118 5caae26-5caae35 115->118 119 5caae24 115->119 116->110 118->118 122 5caae37 118->122 119->118 120->121 123 5caae7c-5caae7e 120->123 132 5caaf6a-5caaff0 121->132 133 5caaf63-5caaf69 121->133 122->116 125 5caae80-5caae8a 123->125 126 5caaea1-5caaea4 123->126 127 5caae8e-5caae9d 125->127 128 5caae8c 125->128 126->121 127->127 129 5caae9f 127->129 128->127 129->126 143 5caaff2-5caaff6 132->143 144 5cab000-5cab004 132->144 133->132 143->144 147 5caaff8 143->147 145 5cab006-5cab00a 144->145 146 5cab014-5cab018 144->146 145->146 148 5cab00c 145->148 149 5cab01a-5cab01e 146->149 150 5cab028-5cab02c 146->150 147->144 148->146 149->150 151 5cab020 149->151 152 5cab03e-5cab045 150->152 153 5cab02e-5cab034 150->153 151->150 154 5cab05c 152->154 155 5cab047-5cab056 152->155 153->152 156 5cab05d 154->156 155->154 156->156
            APIs
            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05CAAF4E
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateProcess
            • String ID:
            • API String ID: 963392458-0
            • Opcode ID: 345de4ae45173e9eb86fe0625fb38499132cd6b0924c4653f0f0a378b090cda8
            • Instruction ID: f69730929bc868294f4d9fda0f26de680e36527717d917c63f7bd3790b537dfe
            • Opcode Fuzzy Hash: 345de4ae45173e9eb86fe0625fb38499132cd6b0924c4653f0f0a378b090cda8
            • Instruction Fuzzy Hash: EB917C71D0061ADFEB24CF68CC41BEDBBB2BF49308F048569E819A7240DB759A85CF91
            Function 030FAD68 Relevance: 1.7, APIs: 1, Instructions: 208COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 158 30fad68-30fad77 159 30fad79-30fad86 call 30fa08c 158->159 160 30fada3-30fada7 158->160 167 30fad9c 159->167 168 30fad88 159->168 162 30fadbb-30fadfc 160->162 163 30fada9-30fadb3 160->163 169 30fadfe-30fae06 162->169 170 30fae09-30fae17 162->170 163->162 167->160 217 30fad8e call 30faff0 168->217 218 30fad8e call 30fb000 168->218 169->170 171 30fae3b-30fae3d 170->171 172 30fae19-30fae1e 170->172 174 30fae40-30fae47 171->174 175 30fae29 172->175 176 30fae20-30fae27 call 30fa098 172->176 173 30fad94-30fad96 173->167 177 30faed8-30faf54 173->177 180 30fae49-30fae51 174->180 181 30fae54-30fae5b 174->181 178 30fae2b-30fae39 175->178 176->178 208 30faf56-30faf7e 177->208 209 30faf80-30faf98 177->209 178->174 180->181 184 30fae5d-30fae65 181->184 185 30fae68-30fae71 call 30fa0a8 181->185 184->185 189 30fae7e-30fae83 185->189 190 30fae73-30fae7b 185->190 191 30fae85-30fae8c 189->191 192 30faea1-30faea5 189->192 190->189 191->192 194 30fae8e-30fae9e call 30fa0b8 call 30fa0c8 191->194 215 30faea8 call 30fb300 192->215 216 30faea8 call 30fb2d0 192->216 194->192 197 30faeab-30faeae 199 30faed1-30faed7 197->199 200 30faeb0-30faece 197->200 200->199 208->209 210 30faf9a-30faf9d 209->210 211 30fafa0-30fafcb GetModuleHandleW 209->211 210->211 212 30fafcd-30fafd3 211->212 213 30fafd4-30fafe8 211->213 212->213 215->197 216->197 217->173 218->173
            APIs
            • GetModuleHandleW.KERNEL32(00000000), ref: 030FAFBE
            Memory Dump Source
            • Source File: 00000000.00000002.2166233983.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            • Opcode ID: 7989c73e215e36e6277935e07efab175d7a2152db454135580fd3b305e8a6e75
            • Instruction ID: 0e71df529e37ed7ff1a02c11a3cda09257bdc4608621483cc0334c05583ea234
            • Opcode Fuzzy Hash: 7989c73e215e36e6277935e07efab175d7a2152db454135580fd3b305e8a6e75
            • Instruction Fuzzy Hash: 77813670A01B058FDB64DF6AD04179ABBF1BF89304F048A2ED18ADBA50D735E849CF91
            Function 030F58ED Relevance: 1.6, APIs: 1, Instructions: 125COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 219 30f58ed-30f58f4 220 30f58f6-30f59b9 CreateActCtxA 219->220 221 30f5890-30f58b9 219->221 224 30f59bb-30f59c1 220->224 225 30f59c2-30f5a1c 220->225 226 30f58bb-30f58c1 221->226 227 30f58c2-30f58e3 221->227 224->225 235 30f5a1e-30f5a21 225->235 236 30f5a2b-30f5a2f 225->236 226->227 235->236 237 30f5a31-30f5a3d 236->237 238 30f5a40 236->238 237->238 240 30f5a41 238->240 240->240
            APIs
            • CreateActCtxA.KERNEL32(?), ref: 030F59A9
            Memory Dump Source
            • Source File: 00000000.00000002.2166233983.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            • Opcode ID: 9015229162f400eade8a6b341bd6bb65e04130e0c97534e3c3e5f00fb4ff1313
            • Instruction ID: 08351c461e21a38c8dc64a73e24cf134c0a900934101b84187ffca782c70497b
            • Opcode Fuzzy Hash: 9015229162f400eade8a6b341bd6bb65e04130e0c97534e3c3e5f00fb4ff1313
            • Instruction Fuzzy Hash: 095111B1C00719CFEB24CFA9C8847DEBBF1AF49304F2481AAD148AB251D775A949CF91
            Function 030F44B4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 241 30f44b4-30f59b9 CreateActCtxA 244 30f59bb-30f59c1 241->244 245 30f59c2-30f5a1c 241->245 244->245 252 30f5a1e-30f5a21 245->252 253 30f5a2b-30f5a2f 245->253 252->253 254 30f5a31-30f5a3d 253->254 255 30f5a40 253->255 254->255 257 30f5a41 255->257 257->257
            APIs
            • CreateActCtxA.KERNEL32(?), ref: 030F59A9
            Memory Dump Source
            • Source File: 00000000.00000002.2166233983.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            • Opcode ID: 2b936a2a2ff80ecb20caa232f69f7c226cd317898eb3bc7d8995da8690d61f2e
            • Instruction ID: dbd2aef0dd9224812854767bffc4ca60cd32f5dca9eb36aa1fe3537a31999ffa
            • Opcode Fuzzy Hash: 2b936a2a2ff80ecb20caa232f69f7c226cd317898eb3bc7d8995da8690d61f2e
            • Instruction Fuzzy Hash: 6841CDB0C0071DCFDB24DFA9C884B9EBBB5AF89304F2081AAD508AB251DB756945CF91
            Function 05CAAA89 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 258 5caaa89-5caaade 260 5caaaee-5caab2d WriteProcessMemory 258->260 261 5caaae0-5caaaec 258->261 263 5caab2f-5caab35 260->263 264 5caab36-5caab66 260->264 261->260 263->264
            APIs
            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05CAAB20
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessWrite
            • String ID:
            • API String ID: 3559483778-0
            • Opcode ID: f6fbfc9a820ae80211f439c07ab3999ec0edde77101d292d951097c6c83ad408
            • Instruction ID: bca60dc537383d4c03b592319dd4fee86b693ea339a47e99d41bebcb4cba313e
            • Opcode Fuzzy Hash: f6fbfc9a820ae80211f439c07ab3999ec0edde77101d292d951097c6c83ad408
            • Instruction Fuzzy Hash: B72115B69003599FDB10CFA9C981BDEBBF5BF48314F10882AE919A7640D7789944CBA4
            Function 05CAAA90 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 268 5caaa90-5caaade 270 5caaaee-5caab2d WriteProcessMemory 268->270 271 5caaae0-5caaaec 268->271 273 5caab2f-5caab35 270->273 274 5caab36-5caab66 270->274 271->270 273->274
            APIs
            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05CAAB20
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessWrite
            • String ID:
            • API String ID: 3559483778-0
            • Opcode ID: cce8d74b6cdb8a7ec57cbc02d65e9492893c645c5bb95e3ee846c1ac8fada4d9
            • Instruction ID: 7e4c3722ff7d1781eb2ceb033af3cd299c4590b29f772741a84b7ba67d1a27eb
            • Opcode Fuzzy Hash: cce8d74b6cdb8a7ec57cbc02d65e9492893c645c5bb95e3ee846c1ac8fada4d9
            • Instruction Fuzzy Hash: F421F4729003599FDB10DFAAC885BDEBBF5FF48314F10882AE919A7240D7789954CBA4
            Function 030FD648 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 278 30fd648-30fd64c 279 30fd64e-30fd68f 278->279 280 30fd692-30fd6e4 DuplicateHandle 278->280 279->280 281 30fd6ed-30fd70a 280->281 282 30fd6e6-30fd6ec 280->282 282->281
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 030FD6D7
            Memory Dump Source
            • Source File: 00000000.00000002.2166233983.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: a54356bb3c71d852994ecfeebbf853b1fab410e538517d3ed0ca9a79df86f03a
            • Instruction ID: 95489c6118c474fe8aaacaaac987fa422ea1dfe31362d7e2a26453459f339e0f
            • Opcode Fuzzy Hash: a54356bb3c71d852994ecfeebbf853b1fab410e538517d3ed0ca9a79df86f03a
            • Instruction Fuzzy Hash: B72124B5900249DFDB10CFA9D984BDEBFF4AF09320F18855AE958A7350C338A945CF61
            Function 05CAA4BA Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 285 5caa4ba-5caa50b 287 5caa51b-5caa54b Wow64SetThreadContext 285->287 288 5caa50d-5caa519 285->288 290 5caa54d-5caa553 287->290 291 5caa554-5caa584 287->291 288->287 290->291
            APIs
            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05CAA53E
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ContextThreadWow64
            • String ID:
            • API String ID: 983334009-0
            • Opcode ID: 9f4832fd226a1887019f71ee316d9baca6a535dba062279d1fbcce45bc1c63ab
            • Instruction ID: e51647412b2e234ba7aeb553b0d3624308214784df2af74e9bb76c5a57702852
            • Opcode Fuzzy Hash: 9f4832fd226a1887019f71ee316d9baca6a535dba062279d1fbcce45bc1c63ab
            • Instruction Fuzzy Hash: 54213872D0070A8FEB10DFAAC9857EEBBF5AF88314F14842AD519A7240D7789545CFA4
            Function 05CAAB79 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 295 5caab79-5caac0d ReadProcessMemory 298 5caac0f-5caac15 295->298 299 5caac16-5caac46 295->299 298->299
            APIs
            • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 05CAAC00
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessRead
            • String ID:
            • API String ID: 1726664587-0
            • Opcode ID: 53308dc20043cbac28549fc1e64f178eace51c72aa4d40be161787a536d75fd9
            • Instruction ID: 5e99d12566b1a6b58f2c85a7095f411c3b34d3c060fb3516ec0314d379d45535
            • Opcode Fuzzy Hash: 53308dc20043cbac28549fc1e64f178eace51c72aa4d40be161787a536d75fd9
            • Instruction Fuzzy Hash: 592136B2C00349DFDB10CFAAC9817EEBBF5BF48310F14882AE519A7240D7389544CBA0
            Function 05CAA4C0 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 315 5caa4c0-5caa50b 317 5caa51b-5caa54b Wow64SetThreadContext 315->317 318 5caa50d-5caa519 315->318 320 5caa54d-5caa553 317->320 321 5caa554-5caa584 317->321 318->317 320->321
            APIs
            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05CAA53E
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ContextThreadWow64
            • String ID:
            • API String ID: 983334009-0
            • Opcode ID: 154b80ad96dabade6d79da876b52e495cd908a1fb070a586f26035aedf745ba8
            • Instruction ID: 077efe89cc86d89e26ed82b5d40c63d0f83da2dcd363ea5928b658b14841b2fd
            • Opcode Fuzzy Hash: 154b80ad96dabade6d79da876b52e495cd908a1fb070a586f26035aedf745ba8
            • Instruction Fuzzy Hash: 712138719007099FDB10DFAAC8857AEBBF5AF88314F148429D519A7240C7789945CFA4
            Function 05CAA40A Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 303 5caa40a-5caa40c 304 5caa3da-5caa3e9 303->304 305 5caa40e-5caa47f ResumeThread 303->305 308 5caa3f1-5caa3fa 304->308 310 5caa488-5caa4ad 305->310 311 5caa481-5caa487 305->311 311->310
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ResumeThread
            • String ID:
            • API String ID: 947044025-0
            • Opcode ID: c083716cb1aad4ce8eda778829aad3663568f41df6fbfe048bddcc93c622c46c
            • Instruction ID: f9276ac414e44d40625f7d403f10227eba808cb850c3cb127e2103b7e48bcae3
            • Opcode Fuzzy Hash: c083716cb1aad4ce8eda778829aad3663568f41df6fbfe048bddcc93c622c46c
            • Instruction Fuzzy Hash: D62177B6D00249CFDB10DFA9D8457AEFBF5EF88214F24886AD419A7340C7399A01CBA0
            Function 05CAAB80 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 325 5caab80-5caac0d ReadProcessMemory 328 5caac0f-5caac15 325->328 329 5caac16-5caac46 325->329 328->329
            APIs
            • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 05CAAC00
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessRead
            • String ID:
            • API String ID: 1726664587-0
            • Opcode ID: 19357cdc36dd42dc716b7ff7715de043af28ff7d44fbfb6c5d9ac95f8ce03441
            • Instruction ID: 8a25f2a3841dfeb88105fa9bd7e8b18d79427be4b9f4f55722e4a3457c37ad17
            • Opcode Fuzzy Hash: 19357cdc36dd42dc716b7ff7715de043af28ff7d44fbfb6c5d9ac95f8ce03441
            • Instruction Fuzzy Hash: 3D2116B18003499FDB10DFAAC881ADEFBF5FF48310F148429E519A7240C7399940CBA4
            Function 030FD650 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
            Download Yara Rule
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 030FD6D7
            Memory Dump Source
            • Source File: 00000000.00000002.2166233983.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            • Opcode ID: 6768a162d8c9577d80f0ff8ca5237be33eafdbbc3afbdb1afaebf2063fc62182
            • Instruction ID: fbb661b9fe7aa5b749d222fe54955dcf7f2121c502333b77bb8fb80a2b3ea0fc
            • Opcode Fuzzy Hash: 6768a162d8c9577d80f0ff8ca5237be33eafdbbc3afbdb1afaebf2063fc62182
            • Instruction Fuzzy Hash: 1521F8B5900249DFDB10CF9AD484ADEFBF5FB48310F14841AE918A7350C374A944CF65
            Function 05CAA9C8 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
            Download Yara Rule
            APIs
            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05CAAA3E
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID:
            • API String ID: 4275171209-0
            • Opcode ID: 6243b320bb9d217dd8e0490736388f41236428968ef0d7350598e11e86d6f96f
            • Instruction ID: ab61106726953ef2be193ed05f16ff53741cc46a615ea9b72f0aeecd363b6a7d
            • Opcode Fuzzy Hash: 6243b320bb9d217dd8e0490736388f41236428968ef0d7350598e11e86d6f96f
            • Instruction Fuzzy Hash: 2E116776800349DFDF10DFA9C945BDEBBF5AF88314F14881AE519A7250C7399941CFA0
            Function 05CAA9D0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
            Download Yara Rule
            APIs
            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05CAAA3E
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID:
            • API String ID: 4275171209-0
            • Opcode ID: 656d1e5ab8331a8c7ba89e5ab834d78cacae1bff06eb69136797c7dd1afb7988
            • Instruction ID: 02d4b36e4c7067cc39f857bbddc8b6350c5c2ee57c50150316df41b7b3f4dbd7
            • Opcode Fuzzy Hash: 656d1e5ab8331a8c7ba89e5ab834d78cacae1bff06eb69136797c7dd1afb7988
            • Instruction Fuzzy Hash: 261123729003499FDB10DFAAC845BDEBBF5AF88324F248819E519A7250C779A944CFA4
            Function 05CAA410 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
            Download Yara Rule
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ResumeThread
            • String ID:
            • API String ID: 947044025-0
            • Opcode ID: b82e8edb588b58053aa52cdd8e8fcefc5fc2abd1edc31df0cb443101ef597e66
            • Instruction ID: 9ac896a2c8857a7bde36390baefdab9372de7bdea709e227a22b8ad92607d439
            • Opcode Fuzzy Hash: b82e8edb588b58053aa52cdd8e8fcefc5fc2abd1edc31df0cb443101ef597e66
            • Instruction Fuzzy Hash: BE1166B1C003498FDB10DFAAC8457AEFBF4EF88324F208819D519A7240CB39A900CFA4
            Function 030FAF58 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
            Download Yara Rule
            APIs
            • GetModuleHandleW.KERNEL32(00000000), ref: 030FAFBE
            Memory Dump Source
            • Source File: 00000000.00000002.2166233983.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            • Opcode ID: 2cac72395a9d91e82e6475dad9cbf5a45a1574297f72f65c62475acfe14cd0f9
            • Instruction ID: c112c2d1d07d0d394c111c3f6ba86f2d82b595d8e12f0ce78a71c693e632e0d4
            • Opcode Fuzzy Hash: 2cac72395a9d91e82e6475dad9cbf5a45a1574297f72f65c62475acfe14cd0f9
            • Instruction Fuzzy Hash: 94110FB6D006498FDB10CF9AC444ADEFBF4AF88324F14842AD518A7610C379A549CFA1
            Function 05CA9328 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
            Download Yara Rule
            APIs
            • PostMessageW.USER32(?,00000010,00000000,?), ref: 05CAD645
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: d997c3c1c7ce574821ffbf65fe4f5d9058f89f7eb0f8634372cf6ccf3a2aea7d
            • Instruction ID: 8a091ba18e39a863d66cf4068f1bd06b6ddd031448ca3b35fe6ceb11068c5f94
            • Opcode Fuzzy Hash: d997c3c1c7ce574821ffbf65fe4f5d9058f89f7eb0f8634372cf6ccf3a2aea7d
            • Instruction Fuzzy Hash: 0D1125B5800349DFDB10DF8AC444BDEBFF8EB48314F10885AE519A7600C375A944CFA5
            Function 05CAD5E0 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
            Download Yara Rule
            APIs
            • PostMessageW.USER32(?,00000010,00000000,?), ref: 05CAD645
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            • Opcode ID: acb562c185becc547e2dd43d8cdb6a9c7cfef09e7d3810ce6d4f517c198afc22
            • Instruction ID: b9e32f167768ec5ffdf7a28690678ff45eff26f72267fd5f34bd254da01e8be8
            • Opcode Fuzzy Hash: acb562c185becc547e2dd43d8cdb6a9c7cfef09e7d3810ce6d4f517c198afc22
            • Instruction Fuzzy Hash: FA1122B580028ADFDB10CF99C584BDEBFF4EB88320F10884AE558A3600C374A644CFA1
            Function 0149D3D8 Relevance: .1, Instructions: 75COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2164418086.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_149d000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1e31a76d716d66fa23f6bac658ec52b0d49129a2852989019bf3248c5ca289be
            • Instruction ID: 22bfe863823b6a2b696dacdcb7ddc1a16014d4a5c67f2bd28f0ad66844049d65
            • Opcode Fuzzy Hash: 1e31a76d716d66fa23f6bac658ec52b0d49129a2852989019bf3248c5ca289be
            • Instruction Fuzzy Hash: 9521C471904204EFDF15DF54D9C0B66BF65FB84314F24C57AD9090B266C336E456CAA2
            Function 014BD01C Relevance: .1, Instructions: 72COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2164612713.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_14bd000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 06471762f98f2bef5645ab2c6937c8fb3d122b8890ae52c05dfe8242a275b44c
            • Instruction ID: cda5ef1cfb349f0f0fbf7560e2576f422bc1b76a58436ca10baf5f10c4d4f4bf
            • Opcode Fuzzy Hash: 06471762f98f2bef5645ab2c6937c8fb3d122b8890ae52c05dfe8242a275b44c
            • Instruction Fuzzy Hash: 2F2103B1A04200EFDB15DF68D9C0B16BB61EB8431CF20C5AED90A0B366C33AD447CA71
            Function 014BD1D4 Relevance: .1, Instructions: 72COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2164612713.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_14bd000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ce0197043c5931cf458bf4252baa1eb4105aeda0f54809d234fd48581e2f63cd
            • Instruction ID: 8d3125db47e726a197ae0519fed512b8b79e268f392ac426e8be0bc0e89daf07
            • Opcode Fuzzy Hash: ce0197043c5931cf458bf4252baa1eb4105aeda0f54809d234fd48581e2f63cd
            • Instruction Fuzzy Hash: EE210771904244EFDB09DFA4D9C0B66BB65FB84328F20C5AED9094B362C336D846CB71
            Function 014BD006 Relevance: .1, Instructions: 62COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2164612713.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_14bd000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ee8124c5a02dee506946da9398bcd39f5ad4ae89733a9bdee18072a6c122a27e
            • Instruction ID: a7500fea454c911f95d55b1f275dba7a0b4db228b594d5e4b0f94417e4d206c4
            • Opcode Fuzzy Hash: ee8124c5a02dee506946da9398bcd39f5ad4ae89733a9bdee18072a6c122a27e
            • Instruction Fuzzy Hash: F6217F755093809FCB02CF24D5D0716BF71EB46218F28C5DAD8498B2A7C33A980ACB62
            Function 0149D3D3 Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2164418086.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_149d000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
            • Instruction ID: f2a58867bebb94e21cffad710404b575135a77b27c1898da6b2adeb12c0eff7c
            • Opcode Fuzzy Hash: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
            • Instruction Fuzzy Hash: 0E11CD72904240DFCF02CF44D9C0B56BF61FB84224F2482AAD8090B267C33AE45ACBA2
            Function 014BD1CF Relevance: .1, Instructions: 53COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2164612713.00000000014BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014BD000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_14bd000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 42a98d763aa616cafc5cdf308aa0cc1e619621035a6359fb41dac703237424f2
            • Instruction ID: 44ca574fab1b4c91075f1e72dc3dee5775e8334d5e3d2dde31492c41351843cd
            • Opcode Fuzzy Hash: 42a98d763aa616cafc5cdf308aa0cc1e619621035a6359fb41dac703237424f2
            • Instruction Fuzzy Hash: 0411BB75904280DFCB06CF54C5C0B16FFA1FB84228F24C6AAD8494B3A6C33AD40ACB62

            Non-executed Functions

            Function 05CAA598 Relevance: .3, Instructions: 312COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 678c6d29bf3fb70c2c5c0496cb4cb0370a1fc47b58e4f3002c4d8e5587f7b009
            • Instruction ID: 91a4b7eb3d16af34d76738609834712dd5006e918d77e8d61803fd26249af682
            • Opcode Fuzzy Hash: 678c6d29bf3fb70c2c5c0496cb4cb0370a1fc47b58e4f3002c4d8e5587f7b009
            • Instruction Fuzzy Hash: 8FE1FAB5E002198FDB14DFA9C980AAEBBB2FF89305F24C559D458A7355D730AD42CFA0
            Function 05CA83E8 Relevance: .3, Instructions: 312COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 78bd65a5c99b7a98f56f7967238af5c3252efd8f2d9c08ca93f3f3892bff2dd9
            • Instruction ID: c0d03f4e7819996f63e58fe321486587059ea4f4b8d485b0ecea05c730d7f6ff
            • Opcode Fuzzy Hash: 78bd65a5c99b7a98f56f7967238af5c3252efd8f2d9c08ca93f3f3892bff2dd9
            • Instruction Fuzzy Hash: D2E11AB5E002198FDB14DFA9C580AAEFBB2FF89305F248569D819A7355C730AD41CFA0
            Function 05CA7FB0 Relevance: .3, Instructions: 312COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ee0733830b327795e5082d6d6941b79c2638dfcbbedc2099d89ddc01d6a22242
            • Instruction ID: c085072481d07bb3c0b807ee402f8f3d424e885da95083593ab3b51ff9559368
            • Opcode Fuzzy Hash: ee0733830b327795e5082d6d6941b79c2638dfcbbedc2099d89ddc01d6a22242
            • Instruction Fuzzy Hash: 57E1FBB5E002198FDB14DFA9C580AAEFBB2FF89305F248659D819A7355D730AD42CF60
            Function 05CA9BE8 Relevance: .3, Instructions: 312COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6787ed13ac044713115e79692ef3c17f43475da92701d2939c5844ad017372d9
            • Instruction ID: 550ba57c787551cebeae7e6a7caeb5859c218d0d5ede8957811528d4754afec0
            • Opcode Fuzzy Hash: 6787ed13ac044713115e79692ef3c17f43475da92701d2939c5844ad017372d9
            • Instruction Fuzzy Hash: 00E11AB5E042198FDB14DFA9C580AAEFBB2FF89305F248559D419A7356C730AD41CFA0
            Function 05CA7B78 Relevance: .3, Instructions: 312COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c68090c9ee3b9563c84d63d849dc801cd3a9931a161c1dff3cbc74a2a66118bb
            • Instruction ID: b6766aaf4bb3965238672cf47aa5857c7c94274a9eb1592b741cec8359820f77
            • Opcode Fuzzy Hash: c68090c9ee3b9563c84d63d849dc801cd3a9931a161c1dff3cbc74a2a66118bb
            • Instruction Fuzzy Hash: C9E11AB5E001198FDB14DFA9C580AAEBBF2FF89305F248559D418A7355D734AD42CFA0
            Function 030FD57C Relevance: .3, Instructions: 264COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2166233983.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030F0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_30f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 157ebbb4c424ebcb38748538b1d0fefd54ded78be7093e6999dd133403a9a0a6
            • Instruction ID: fa9898d06eab0840b2012a00f3961e84e131366f325617d71f9588aa016a4537
            • Opcode Fuzzy Hash: 157ebbb4c424ebcb38748538b1d0fefd54ded78be7093e6999dd133403a9a0a6
            • Instruction Fuzzy Hash: 7CA16F36E013068FCF05DFB5C8845DEB7B2FF89300B1585AAEA05AB265DB71E956CB40
            Function 05CA14F0 Relevance: .2, Instructions: 169COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 36804537aba12837b1a6b334ee90e5140b3406574c8c73f32c571dd5ef560a9f
            • Instruction ID: 70c8f57091ab097b9d946ad82823f02d9a32a863a70f3bec6b08645791710699
            • Opcode Fuzzy Hash: 36804537aba12837b1a6b334ee90e5140b3406574c8c73f32c571dd5ef560a9f
            • Instruction Fuzzy Hash: 02717D75E006198FDB04DFAAC584A9EFBF2FF88311F18C56AD819AB215DB349942CF50
            Function 05CA1260 Relevance: .1, Instructions: 140COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9b8db2edd1132f433e2c6fcabc42ae54d56cab60af6b59202c24532097cb47fc
            • Instruction ID: 7a61be68eb11b16812cface8fa43efbc990229520e7cc5f14d53263419c82d7a
            • Opcode Fuzzy Hash: 9b8db2edd1132f433e2c6fcabc42ae54d56cab60af6b59202c24532097cb47fc
            • Instruction Fuzzy Hash: 3C519075D016199FDB08CFEAC8446EEBBF2BF89300F14842AE819AB254DB345A46CF40
            Function 05CA14DF Relevance: .1, Instructions: 135COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cb4028aa89c72cac3c6d0e047387119319230c81a100c5e87debe19a4a3c7157
            • Instruction ID: 0a9b59b0a3c5221529bd4c073ab1482516acf5c76bc09b5fc6b56926634bc102
            • Opcode Fuzzy Hash: cb4028aa89c72cac3c6d0e047387119319230c81a100c5e87debe19a4a3c7157
            • Instruction Fuzzy Hash: E15173B5E006598FDB08DFAAD94469EFFF2BF88300F18C16AD419AB315DB345946CB50
            Function 05CA9BD8 Relevance: .1, Instructions: 131COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e7e0214f8984d4ee5ec77c3e83674f1cfee577703675aa138bc0eddbd97d588a
            • Instruction ID: d10d68e5bad70fbc7baa2fb3d9cbc82b61e30fd65e0a9d6df61308c0d21b19e7
            • Opcode Fuzzy Hash: e7e0214f8984d4ee5ec77c3e83674f1cfee577703675aa138bc0eddbd97d588a
            • Instruction Fuzzy Hash: BF515CB1E002198BDB14CFA9C9815AEFBF2FF89305F24C56AD418A7316D7349942CFA0
            Function 05CA7B72 Relevance: .1, Instructions: 129COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c6d4f024d196e01ea1d70325952727a85ba4d34ecf9e9f18b662edb905808ca8
            • Instruction ID: 699de26f121e9aeacebd713f1c1f5bc35acd9b357699aa0fa6d8c6b172cbcc2f
            • Opcode Fuzzy Hash: c6d4f024d196e01ea1d70325952727a85ba4d34ecf9e9f18b662edb905808ca8
            • Instruction Fuzzy Hash: 1B5109B5E0021A8BDB14CFA9C9805AEFBF2FF89305F24C569D418A7355D7349A42CFA1
            Function 05CA1251 Relevance: .1, Instructions: 102COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000000.00000002.2178230247.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5ca0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b0dbdbf3b9de28ff14a49a4ff4c79f00dbbbd061bfbb56c8e66fc48aa594b34
            • Instruction ID: 1a53c618048f3b9bd103faaa186f1beee2bff29ac042fae3f01f4b8478edc265
            • Opcode Fuzzy Hash: 2b0dbdbf3b9de28ff14a49a4ff4c79f00dbbbd061bfbb56c8e66fc48aa594b34
            • Instruction Fuzzy Hash: CF41B375E006199FDB08CFEAD88569EFBF6BF88300F14C12AD419AB254DB345A46CF40

            Execution Graph

            Execution Coverage:0.6%
            Dynamic/Decrypted Code Coverage:5.6%
            Signature Coverage:5.6%
            Total number of Nodes:72
            Total number of Limit Nodes:8
            execution_graph 94693 42f763 94694 42f773 94693->94694 94695 42f779 94693->94695 94698 42e683 94695->94698 94697 42f79f 94701 42c813 94698->94701 94700 42e69b 94700->94697 94702 42c830 94701->94702 94703 42c841 RtlAllocateHeap 94702->94703 94703->94700 94704 424c83 94709 424c9c 94704->94709 94705 424d29 94706 424ce4 94712 42e5a3 94706->94712 94709->94705 94709->94706 94710 424d24 94709->94710 94711 42e5a3 RtlFreeHeap 94710->94711 94711->94705 94715 42c863 94712->94715 94714 424cf4 94716 42c87d 94715->94716 94717 42c88e RtlFreeHeap 94716->94717 94717->94714 94753 42bad3 94754 42baed 94753->94754 94757 1b22df0 LdrInitializeThunk 94754->94757 94755 42bb15 94757->94755 94758 4248f3 94759 42490f 94758->94759 94760 424937 94759->94760 94761 42494b 94759->94761 94762 42c4e3 NtClose 94760->94762 94768 42c4e3 94761->94768 94764 424940 94762->94764 94765 424954 94771 42e6c3 RtlAllocateHeap 94765->94771 94767 42495f 94769 42c4fd 94768->94769 94770 42c50e NtClose 94769->94770 94770->94765 94771->94767 94772 41e3f3 94773 41e419 94772->94773 94777 41e510 94773->94777 94778 42f893 94773->94778 94775 41e4b1 94776 42bb23 LdrInitializeThunk 94775->94776 94775->94777 94776->94777 94779 42f803 94778->94779 94780 42e683 RtlAllocateHeap 94779->94780 94781 42f860 94779->94781 94782 42f83d 94780->94782 94781->94775 94783 42e5a3 RtlFreeHeap 94782->94783 94783->94781 94718 401c64 94719 401c7e 94718->94719 94722 42fc33 94719->94722 94725 42e153 94722->94725 94724 401ce9 94726 42e179 94725->94726 94731 4074f3 94726->94731 94728 42e18f 94730 42e1ae 94728->94730 94734 41b023 NtClose 94728->94734 94730->94724 94733 407500 94731->94733 94735 4163a3 94731->94735 94733->94728 94734->94730 94736 4163c0 94735->94736 94738 4163d6 94736->94738 94739 42cf53 94736->94739 94738->94733 94741 42cf6d 94739->94741 94740 42cf9c 94740->94738 94741->94740 94746 42bb23 94741->94746 94744 42e5a3 RtlFreeHeap 94745 42d015 94744->94745 94745->94738 94747 42bb3d 94746->94747 94750 1b22c0a 94747->94750 94748 42bb69 94748->94744 94751 1b22c11 94750->94751 94752 1b22c1f LdrInitializeThunk 94750->94752 94751->94748 94752->94748

            Executed Functions

            Function 0042C4E3 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 28 42c4e3-42c51c call 404873 call 42d733 NtClose
            APIs
            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C517
            Memory Dump Source
            • Source File: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Close
            • String ID:
            • API String ID: 3535843008-0
            • Opcode ID: e9cdab559d7ec7bf5155d117a313f9e6409ac217aa759235a9e10d3125478c55
            • Instruction ID: 2e7f3fb3884b6e8e9fb0e7dcd219f262dbfc7f4d195fe0be80c2e43ff28bfd8d
            • Opcode Fuzzy Hash: e9cdab559d7ec7bf5155d117a313f9e6409ac217aa759235a9e10d3125478c55
            • Instruction Fuzzy Hash: 30E086366002147BD260FB9AEC01FDB77ACDFC5710F40842AFA4867141CA74B90187F4
            Function 01B22DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 37 1b22df0-1b22dfc LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 7757c0b8df5a340ec4b3cf89d92f74b4dc8c6128e7300e89c9483919e06cd762
            • Instruction ID: ee518ae32cfe74a9af3a36ffc9ec195fefa6e03df53a17d5c97e3d35f1e9e78e
            • Opcode Fuzzy Hash: 7757c0b8df5a340ec4b3cf89d92f74b4dc8c6128e7300e89c9483919e06cd762
            • Instruction Fuzzy Hash: 9290023220140413D11571584504707101997D0241F95C552B0428559DD7568A63B222
            Function 0042C863 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 0 42c863-42c8a4 call 404873 call 42d733 RtlFreeHeap
            APIs
            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C89F
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: FreeHeap
            • String ID: 4dA
            • API String ID: 3298025750-3697888251
            • Opcode ID: d45dd4416ad7f3a90ec090a28f93a4118255ba9b713096ae3f43c4bfbed4663a
            • Instruction ID: 95c6e1cf8f50921438346b2c019ee274ecc2e822df50c29a14df8959a2e7ed7d
            • Opcode Fuzzy Hash: d45dd4416ad7f3a90ec090a28f93a4118255ba9b713096ae3f43c4bfbed4663a
            • Instruction Fuzzy Hash: C6E06D76604204BBD610EE99DC41FDB73ACEFC4710F00441AF908A7241DA74B911C7F8
            Function 0042C813 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 23 42c813-42c857 call 404873 call 42d733 RtlAllocateHeap
            APIs
            • RtlAllocateHeap.NTDLL(?,0041E4B1,?,?,00000000,?,0041E4B1,?,?,?), ref: 0042C852
            Memory Dump Source
            • Source File: 00000008.00000002.2204974095.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: AllocateHeap
            • String ID:
            • API String ID: 1279760036-0
            • Opcode ID: c0c97e144f40e868a9476a0e994ce902a3f535a152f54a84e659e6420cbf2a46
            • Instruction ID: 83fbc1a649b13180b5dbe8e154e75011721def11b2ca418cc7d3df61b031a839
            • Opcode Fuzzy Hash: c0c97e144f40e868a9476a0e994ce902a3f535a152f54a84e659e6420cbf2a46
            • Instruction Fuzzy Hash: 80E06D76204254BBD610EE99DC41EDF77ACEFC5710F00441AF908A7241C770B91187B8
            Function 01B22C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
            Download Yara Rule

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 33 1b22c0a-1b22c0f 34 1b22c11-1b22c18 33->34 35 1b22c1f-1b22c26 LdrInitializeThunk 33->35
            APIs
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 7395257a69dba4066eabadaeba2ad33801a4479321b1ef426fed29786f6748e7
            • Instruction ID: 8b038c21ee79a47ade4de09a6fb777216aad15b36f71fbed5419097ce22d9fab
            • Opcode Fuzzy Hash: 7395257a69dba4066eabadaeba2ad33801a4479321b1ef426fed29786f6748e7
            • Instruction Fuzzy Hash: 15B09B729015D5C5DA15E76446087177910B7D0701F15C1E1E2074742F4738C1D5F276

            Non-executed Functions

            Function 01B62349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2160512332
            • Opcode ID: 472333843d5236ab82e94401f78772c67fdf55afc7fe49e7322753eb5fcb5bf4
            • Instruction ID: 9cafbcbc794999a8bd84681df1c0e2d059cb687ff428212bd5625375c63a8128
            • Opcode Fuzzy Hash: 472333843d5236ab82e94401f78772c67fdf55afc7fe49e7322753eb5fcb5bf4
            • Instruction Fuzzy Hash: BA92AF71604342ABEB29DF18C840B6BB7E8FFA4750F0449ADFA98D7251D778E844CB52
            Function 01B18620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
            Download Yara Rule
            Strings
            • Critical section debug info address, xrefs: 01B5541F, 01B5552E
            • 8, xrefs: 01B552E3
            • corrupted critical section, xrefs: 01B554C2
            • Thread is in a state in which it cannot own a critical section, xrefs: 01B55543
            • Address of the debug info found in the active list., xrefs: 01B554AE, 01B554FA
            • Thread identifier, xrefs: 01B5553A
            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01B554CE
            • Critical section address, xrefs: 01B55425, 01B554BC, 01B55534
            • Invalid debug info address of this critical section, xrefs: 01B554B6
            • Critical section address., xrefs: 01B55502
            • undeleted critical section in freed memory, xrefs: 01B5542B
            • double initialized or corrupted critical section, xrefs: 01B55508
            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01B554E2
            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01B5540A, 01B55496, 01B55519
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
            • API String ID: 0-2368682639
            • Opcode ID: 7d6ad773a216c9d1568e63572cd69c17da7e8fa0c57827b77a2971b90a27b25d
            • Instruction ID: 326a8065448ccbafb5b39e3c5bbb7454d905e08537582681b747ac425429a05e
            • Opcode Fuzzy Hash: 7d6ad773a216c9d1568e63572cd69c17da7e8fa0c57827b77a2971b90a27b25d
            • Instruction Fuzzy Hash: B481ADB0A00358BFDB64CF99C941BAEBBB5FB08B14F20419DF909B7241D379A941CB50
            Function 01B129F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
            Download Yara Rule
            Strings
            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01B52412
            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01B52602
            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01B525EB
            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01B522E4
            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01B52498
            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01B52624
            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01B524C0
            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01B52506
            • RtlpResolveAssemblyStorageMapEntry, xrefs: 01B5261F
            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01B52409
            • @, xrefs: 01B5259B
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
            • API String ID: 0-4009184096
            • Opcode ID: 311c306f142f94d1cf71b94cfb5760158e0191ab3ac84060d2915c2f8da37f1c
            • Instruction ID: 08cd3a88692c9aeaa40f924aee30aa5a47a2aba7c750eaf4548803963294bb40
            • Opcode Fuzzy Hash: 311c306f142f94d1cf71b94cfb5760158e0191ab3ac84060d2915c2f8da37f1c
            • Instruction Fuzzy Hash: BC027FB1D012299FDF65DB54CC80BAAB7B8AF54704F4141DAEB09A7241EB309F84CF69
            Function 01B88B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
            • API String ID: 0-2515994595
            • Opcode ID: 1dad19b1841d2640c9059ebd5f737a4f7682e7b5108ad68583cc10859a112e4c
            • Instruction ID: 2b952a5a57df087654d55616dda9c084660ecf1b514e8fbf1657396b0fb67a70
            • Opcode Fuzzy Hash: 1dad19b1841d2640c9059ebd5f737a4f7682e7b5108ad68583cc10859a112e4c
            • Instruction Fuzzy Hash: 7F51DE711043519BC72AEF588884BABBBECFF94B40F940A5DE958C3285E770D648CB92
            Function 01B90274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
            • API String ID: 0-1700792311
            • Opcode ID: 8fb1bf0865f449eb07f51938c68d7efb5bed4c7a472088582fba71de3152f98a
            • Instruction ID: c64efab2b752fff5372b9a0adf9c7011acd6f118cf4945d449eea9889c6f62d8
            • Opcode Fuzzy Hash: 8fb1bf0865f449eb07f51938c68d7efb5bed4c7a472088582fba71de3152f98a
            • Instruction Fuzzy Hash: C1D11231500682EFDF2AEF68C450AAEBBF5FF5A710F0980A9F5469B612D734D942CB50
            Function 01B689B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
            Download Yara Rule
            Strings
            • VerifierDebug, xrefs: 01B68CA5
            • AVRF: -*- final list of providers -*- , xrefs: 01B68B8F
            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01B68A3D
            • VerifierDlls, xrefs: 01B68CBD
            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01B68A67
            • HandleTraces, xrefs: 01B68C8F
            • VerifierFlags, xrefs: 01B68C50
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
            • API String ID: 0-3223716464
            • Opcode ID: 79706b30cf5b7d0924fdb330b6f8691e4e96f25fdaa56c0d0f032c31ca83b879
            • Instruction ID: 8ce37221a5cb80f7192a4e4122aa02bf71314e76bbdcab619341e5b6994528d9
            • Opcode Fuzzy Hash: 79706b30cf5b7d0924fdb330b6f8691e4e96f25fdaa56c0d0f032c31ca83b879
            • Instruction Fuzzy Hash: D8914672601706AFDB3DDF6C9890B1A7BACEB74714F04059CFA41AB240D7389C04CBA5
            Function 01AEEA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
            • API String ID: 0-1109411897
            • Opcode ID: d08568ee6849a6a9ff0f665a332967d24061d6ac457dd19d7ac4721c52cd783b
            • Instruction ID: 10362f03b863400df0cbb3bb7bb432f0133a9cbebaf6235ee787f5ad4e122819
            • Opcode Fuzzy Hash: d08568ee6849a6a9ff0f665a332967d24061d6ac457dd19d7ac4721c52cd783b
            • Instruction Fuzzy Hash: 88A24974A0562A8FDF68DF18CD987A9BBB5EF45304F1482E9D90DA7290DB309E95CF00
            Function 01B163FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
            • API String ID: 0-792281065
            • Opcode ID: 51399432d1341513f95b198486508f03198a59142805ba65068e5e72af37d0f4
            • Instruction ID: f3c1b055cc4a98d9e2f4c9784f9e5d0a17d7b8224effe20b5d028df4ae314738
            • Opcode Fuzzy Hash: 51399432d1341513f95b198486508f03198a59142805ba65068e5e72af37d0f4
            • Instruction Fuzzy Hash: 32915571A413259BEB3DDF18D894BAA7BB1FB10B24F0501EDE9046B289F7B49841C791
            Function 01AD645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
            Download Yara Rule
            Strings
            • Getting the shim user exports failed with status 0x%08lx, xrefs: 01B39A01
            • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01B39A2A
            • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 01B399ED
            • LdrpInitShimEngine, xrefs: 01B399F4, 01B39A07, 01B39A30
            • minkernel\ntdll\ldrinit.c, xrefs: 01B39A11, 01B39A3A
            • apphelp.dll, xrefs: 01AD6496
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-204845295
            • Opcode ID: 1fe828fb931c4c3147353c8f0b9b2e7d634f6dd8fe883ebb336e67de405cfc43
            • Instruction ID: dcc4a90b385d57529bc97af4e82a1f6022387a61e7401ebcad7af963e302e436
            • Opcode Fuzzy Hash: 1fe828fb931c4c3147353c8f0b9b2e7d634f6dd8fe883ebb336e67de405cfc43
            • Instruction Fuzzy Hash: 4351E471208705AFE728DF24C891FAB77E8FB84744F440A1EF58A97161E770E945CB92
            Function 01B1C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
            Download Yara Rule
            Strings
            • Unable to build import redirection Table, Status = 0x%x, xrefs: 01B581E5
            • LdrpInitializeProcess, xrefs: 01B1C6C4
            • minkernel\ntdll\ldrredirect.c, xrefs: 01B58181, 01B581F5
            • Loading import redirection DLL: '%wZ', xrefs: 01B58170
            • LdrpInitializeImportRedirection, xrefs: 01B58177, 01B581EB
            • minkernel\ntdll\ldrinit.c, xrefs: 01B1C6C3
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-475462383
            • Opcode ID: 89011f5bb95ea7b29c05a5f65212d517fcd327907ea907cdf7cf6d009422575a
            • Instruction ID: 13ca2fac63475d8f303b076dbfb48f483b96f419084c356e22168e1ce0543d63
            • Opcode Fuzzy Hash: 89011f5bb95ea7b29c05a5f65212d517fcd327907ea907cdf7cf6d009422575a
            • Instruction Fuzzy Hash: 87310471644746AFC72CEF29D945E2A7BE4FF94B10F05099CF984AB291E720EC04C7A2
            Function 01B12674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
            Download Yara Rule
            Strings
            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01B52178
            • RtlGetAssemblyStorageRoot, xrefs: 01B52160, 01B5219A, 01B521BA
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01B521BF
            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01B5219F
            • SXS: %s() passed the empty activation context, xrefs: 01B52165
            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01B52180
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
            • API String ID: 0-861424205
            • Opcode ID: 948d7ade9d0ad54885fe1b3a4c43b65d57002975bed2a285454e885b9219ba04
            • Instruction ID: 8b1a6f8b9c70b85a3909d8f16f2d0e4d15c9ec17ce2e002839950e00bc22eccf
            • Opcode Fuzzy Hash: 948d7ade9d0ad54885fe1b3a4c43b65d57002975bed2a285454e885b9219ba04
            • Instruction Fuzzy Hash: DF31083AF41215B7EB298BDBDC41F6B7A68EB64E50F1600DDBB0467144D3709E00CBA0
            Function 01B2096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
            Download Yara Rule
            APIs
              • Part of subcall function 01B22DF0: LdrInitializeThunk.NTDLL ref: 01B22DFA
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B20BA3
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B20BB6
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B20D60
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B20D74
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
            • String ID:
            • API String ID: 1404860816-0
            • Opcode ID: a06cab8440887afbada208989820324b37503ffbc4fbe4425eff59dfa1732bc6
            • Instruction ID: eadc3eb3541ef267bb680d0c729b6e87c5ab72b0243a73f4547f7ae56e908d11
            • Opcode Fuzzy Hash: a06cab8440887afbada208989820324b37503ffbc4fbe4425eff59dfa1732bc6
            • Instruction Fuzzy Hash: 33424771900715DFDB65DF28C880BAAB7F5FF08314F1445E9E989AB241E770AA89CF60
            Function 01AEA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
            • API String ID: 0-379654539
            • Opcode ID: 6e8dfc8d21dd3ca000252532c483eaefa259d2297c4490b4db1772a9eb8fd846
            • Instruction ID: 62a79951e9ef95c817d3a800b5b566fbe6822fa9c73da0d629bc9cf0876482d3
            • Opcode Fuzzy Hash: 6e8dfc8d21dd3ca000252532c483eaefa259d2297c4490b4db1772a9eb8fd846
            • Instruction Fuzzy Hash: 54C17A75108382CFD715DF68C148B6ABBF4FF84704F0489AAF9968B252E734C949CB66
            Function 01B18402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
            Download Yara Rule
            Strings
            • LdrpInitializeProcess, xrefs: 01B18422
            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01B1855E
            • minkernel\ntdll\ldrinit.c, xrefs: 01B18421
            • @, xrefs: 01B18591
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1918872054
            • Opcode ID: 77dc0f52122f40f77329e380ec678ed0f9cf5e717e0c4ccb93771a1a3cbaa68f
            • Instruction ID: b2dd246d522d42085ba878ec0b0914460ef24a31c770a5562d123a14bf8a656c
            • Opcode Fuzzy Hash: 77dc0f52122f40f77329e380ec678ed0f9cf5e717e0c4ccb93771a1a3cbaa68f
            • Instruction Fuzzy Hash: 3D919D71548345AFDB25DF65CC80FABBAECFB88644F8009AEFA84D2155E734D9048B62
            Function 01B1273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
            Download Yara Rule
            Strings
            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01B521D9, 01B522B1
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01B522B6
            • .Local, xrefs: 01B128D8
            • SXS: %s() passed the empty activation context, xrefs: 01B521DE
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
            • API String ID: 0-1239276146
            • Opcode ID: 10dde9ec4070c994a7aa0ef7c0039728c42ef02bcb13fd730c50ec8810cedd94
            • Instruction ID: e70c2704bccbeaa034612ab3aac83a6d36fb5febe3b8a9b3c76804278ce814e9
            • Opcode Fuzzy Hash: 10dde9ec4070c994a7aa0ef7c0039728c42ef02bcb13fd730c50ec8810cedd94
            • Instruction Fuzzy Hash: 51A1C135901229DFDB28CF68D884BA9B7B1FF58394F2641F9D908A7255D7309E80CF90
            Function 01B14AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
            Download Yara Rule
            Strings
            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01B53456
            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01B53437
            • RtlDeactivateActivationContext, xrefs: 01B53425, 01B53432, 01B53451
            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01B5342A
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
            • API String ID: 0-1245972979
            • Opcode ID: 64010ad5f74c37bd3cca2e50237b93121e6a004bb74c48f09d589d010822897d
            • Instruction ID: 4eafc608c01f22f9f3b181bad7755eb8f34832f7c517ba5ea34e73d959743186
            • Opcode Fuzzy Hash: 64010ad5f74c37bd3cca2e50237b93121e6a004bb74c48f09d589d010822897d
            • Instruction Fuzzy Hash: BF6135326007129BDB2ACF1DC891B2ABBE5FF90B50F5686ADF9559B350C770E801CB91
            Function 01AE64AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
            Download Yara Rule
            Strings
            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01B40FE5
            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01B41028
            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01B410AE
            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01B4106B
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
            • API String ID: 0-1468400865
            • Opcode ID: 209db622d01e7c58a94cb577ea3b2d08706cd8e73cc5a5f5855c9f1a41d5fccb
            • Instruction ID: fddb46d4bb2baa69174455a7a5851caf226a76741f65753da02755c389973c44
            • Opcode Fuzzy Hash: 209db622d01e7c58a94cb577ea3b2d08706cd8e73cc5a5f5855c9f1a41d5fccb
            • Instruction Fuzzy Hash: C271B271A043159FCB21EF28C884B977FE8EF64754F4448A8F9498B146D734D588CBE2
            Function 01B0245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
            Download Yara Rule
            Strings
            • LdrpDynamicShimModule, xrefs: 01B4A998
            • minkernel\ntdll\ldrinit.c, xrefs: 01B4A9A2
            • apphelp.dll, xrefs: 01B02462
            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01B4A992
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-176724104
            • Opcode ID: 337137439ca4b50959ba7f3e7bf35c67b7eff17780e2252029b1c10abb2520c1
            • Instruction ID: f58cbe2cb51f29d2be3c340422c505f92d0005da4c49506afca20994e9d40e9a
            • Opcode Fuzzy Hash: 337137439ca4b50959ba7f3e7bf35c67b7eff17780e2252029b1c10abb2520c1
            • Instruction Fuzzy Hash: DF317975681202EBDB3D9F6DC895E6EBBF4FB84B00F16409AF90267255E7705841DB80
            Function 01AF29A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
            Download Yara Rule
            Strings
            • HEAP[%wZ]: , xrefs: 01AF3255
            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 01AF327D
            • HEAP: , xrefs: 01AF3264
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
            • API String ID: 0-617086771
            • Opcode ID: 35fe185cb85c8ac11b8aa419f51ca080de50dba6b6926b405773bdad66ad13d9
            • Instruction ID: 1e6ddacb09713aef9220b19968bcb245e1e95aa9b533c608a0b994efc743d375
            • Opcode Fuzzy Hash: 35fe185cb85c8ac11b8aa419f51ca080de50dba6b6926b405773bdad66ad13d9
            • Instruction Fuzzy Hash: A0928B71A042499FDF29CFA8C4447AEBBF1FF48310F18809EEA59AB391D735A945CB50
            Function 01AF0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-4253913091
            • Opcode ID: dd3fb5797fe946096002f3cdb51822860fb1c8cca99882dee08a835e19104069
            • Instruction ID: dfb2eda05dba94d7d2929bed84a3b10f646de4d8bb446ff737312bbe86a3fd60
            • Opcode Fuzzy Hash: dd3fb5797fe946096002f3cdb51822860fb1c8cca99882dee08a835e19104069
            • Instruction Fuzzy Hash: E6F19E70600A06DFEB29CFA9C994B6AB7B6FF44304F1481ADF6169B352D734E941CB90
            Function 01B06962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $@
            • API String ID: 0-1077428164
            • Opcode ID: 3f5130222ee95eca756c6cff17f755a04af470fc8cb313e1f2bd16a866cfab37
            • Instruction ID: 420cf3a1508af66faac8d0ab10c3a416f78641b97af601f9e0a7f6c24406678f
            • Opcode Fuzzy Hash: 3f5130222ee95eca756c6cff17f755a04af470fc8cb313e1f2bd16a866cfab37
            • Instruction Fuzzy Hash: 76C260716093419FDB2ACF28C841BABBFE5EF88754F04895DE9C987291DB34E805CB52
            Function 01ADA197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: FilterFullPath$UseFilter$\??\
            • API String ID: 0-2779062949
            • Opcode ID: 4cb2f962e2229002e80e4cea675e0e6af073cc496043ced09fb16a478a9409e0
            • Instruction ID: cc9763116913797845007c0f6ca58bce162498a84a5eee769ebdea0198e269aa
            • Opcode Fuzzy Hash: 4cb2f962e2229002e80e4cea675e0e6af073cc496043ced09fb16a478a9409e0
            • Instruction Fuzzy Hash: 7DA14B759016299BDF359F68CC88BAABBB8FF48710F1001EAE909E7250D7359E85CF50
            Function 01B00BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
            Download Yara Rule
            Strings
            • Failed to allocated memory for shimmed module list, xrefs: 01B4A10F
            • minkernel\ntdll\ldrinit.c, xrefs: 01B4A121
            • LdrpCheckModule, xrefs: 01B4A117
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
            • API String ID: 0-161242083
            • Opcode ID: 38bbfb91b6e17e838d578213681c6a023df3b65c51088e3a6b596095891d226f
            • Instruction ID: ea5d9131b7298ec822847649b9dd229921c49cc9d8dd8d32f5e3edba3e0834e7
            • Opcode Fuzzy Hash: 38bbfb91b6e17e838d578213681c6a023df3b65c51088e3a6b596095891d226f
            • Instruction Fuzzy Hash: 1F71C270A412069FDF2EEF68C991BAEBBF4FB48744F1480ADE906D7251E734A941CB50
            Function 01B1C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
            Download Yara Rule
            Strings
            • LdrpInitializePerUserWindowsDirectory, xrefs: 01B582DE
            • Failed to reallocate the system dirs string !, xrefs: 01B582D7
            • minkernel\ntdll\ldrinit.c, xrefs: 01B582E8
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1783798831
            • Opcode ID: d774ae0d64a2c229c2aaa4a8c2d716b24da38d469aa53dd03b0464ef6028c3a3
            • Instruction ID: 7783eb11feca115938cb12f5b2a214cff31281127e0984b07538bed69d581d8a
            • Opcode Fuzzy Hash: d774ae0d64a2c229c2aaa4a8c2d716b24da38d469aa53dd03b0464ef6028c3a3
            • Instruction Fuzzy Hash: 0F4122B1645301ABCB2DEB68D944B9B7BE8FF48750F01496EF948D3294E7B0D800CB91
            Function 01B9C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
            Download Yara Rule
            Strings
            • PreferredUILanguages, xrefs: 01B9C212
            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01B9C1C5
            • @, xrefs: 01B9C1F1
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
            • API String ID: 0-2968386058
            • Opcode ID: 37c75391346aa1ee3169ff13f536b4adf3e1e3092d4ed4c5782f35489968e658
            • Instruction ID: 880ea03af616e4f63e0a511d85b92902989844b80018246d0f8d88d760306397
            • Opcode Fuzzy Hash: 37c75391346aa1ee3169ff13f536b4adf3e1e3092d4ed4c5782f35489968e658
            • Instruction Fuzzy Hash: 86416271E00219ABDF19DFD8C851BEEBBB8EB15700F1441FAE609E7280D7749A458B50
            Function 01B74144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
            • API String ID: 0-1373925480
            • Opcode ID: 96a2dbf6585a0fcaecd2bde1ff1a0fc64f05733efda94d0d686a91b88dcc2b1a
            • Instruction ID: 59618ee09ef57b56b0902b0be85545f5f29f9dba0dfa83845a35defddb8713ee
            • Opcode Fuzzy Hash: 96a2dbf6585a0fcaecd2bde1ff1a0fc64f05733efda94d0d686a91b88dcc2b1a
            • Instruction Fuzzy Hash: 99412531A042598FEB2AEBE9D940BADBBB8FF55340F140499D921EB791DB348905CB10
            Function 01B64755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
            Download Yara Rule
            Strings
            • minkernel\ntdll\ldrredirect.c, xrefs: 01B64899
            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01B64888
            • LdrpCheckRedirection, xrefs: 01B6488F
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-3154609507
            • Opcode ID: 13ec6124a2a61e06fa26639dd2a8940fbdfc4cd3adc92ec5bf14f3f65ec491a6
            • Instruction ID: 11a38f07a1d34b67dcc5b18776c58977839a165bdeef4674b23e4e55dc025b96
            • Opcode Fuzzy Hash: 13ec6124a2a61e06fa26639dd2a8940fbdfc4cd3adc92ec5bf14f3f65ec491a6
            • Instruction Fuzzy Hash: 3441C332A05A519FCB29CE68D940A667BECFFA9650B0506D9ED44D7251E738D800CB91
            Function 01AF0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-2558761708
            • Opcode ID: 9bcc3a56595644213bb4716442130658f396ffe27793b1d2f92902cf0dd58193
            • Instruction ID: 4d869154fa48fe6fbfab8e21c5fdae14eb8cd550a78cdba6a7625958a4bca16f
            • Opcode Fuzzy Hash: 9bcc3a56595644213bb4716442130658f396ffe27793b1d2f92902cf0dd58193
            • Instruction Fuzzy Hash: 2A11DF313169469FDB2DDB28C590B7AB3A6EF41A16F18819EF506CF256DB30E840C750
            Function 01B620DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
            Download Yara Rule
            Strings
            • LdrpInitializationFailure, xrefs: 01B620FA
            • minkernel\ntdll\ldrinit.c, xrefs: 01B62104
            • Process initialization failed with status 0x%08lx, xrefs: 01B620F3
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2986994758
            • Opcode ID: a9e491862091c712a0aad5463855b6ecd2e73a3ab9c25241b47299ebc07f7fd3
            • Instruction ID: 7ab66ee7aa4f675000d6bee606520eec5bfb7d9bce4ddca17de014fcc8bb578a
            • Opcode Fuzzy Hash: a9e491862091c712a0aad5463855b6ecd2e73a3ab9c25241b47299ebc07f7fd3
            • Instruction Fuzzy Hash: B0F0C875641308BBEB2CE74DCC56F9637ACFB50B54F550099FA0477682E3B4A900CB51
            Function 01AF03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: #%u
            • API String ID: 48624451-232158463
            • Opcode ID: 6c7ffbc7a6d9e9d179856029291f08812f78c76fb4cc11c5db2252b43dcdd41c
            • Instruction ID: 123be861135439a62a51b5692cefd334e9c2012ec01152dec09c46146b3d6396
            • Opcode Fuzzy Hash: 6c7ffbc7a6d9e9d179856029291f08812f78c76fb4cc11c5db2252b43dcdd41c
            • Instruction Fuzzy Hash: E4712C71A0014A9FDB15DF99C990BAEB7F8FF18704F144069EA05E7252EB34ED15CB60
            Function 01AEA9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
            Download Yara Rule
            Strings
            • LdrResSearchResource Exit, xrefs: 01AEAA25
            • LdrResSearchResource Enter, xrefs: 01AEAA13
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
            • API String ID: 0-4066393604
            • Opcode ID: b4f413cf4252a0ac8ec20e31273cb50f62b9e3b20df3f289a340987dd95d4290
            • Instruction ID: 0179f2e7b31328fce5459281cb09b13ca268574eb569c00b3d3dbbe7c9486ecf
            • Opcode Fuzzy Hash: b4f413cf4252a0ac8ec20e31273cb50f62b9e3b20df3f289a340987dd95d4290
            • Instruction Fuzzy Hash: C8E1BF71E00219ABEF26DF99D988BAEBBF9FF58300F1485A6F901E7251D7349840DB10
            Function 01BAA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: `$`
            • API String ID: 0-197956300
            • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
            • Instruction ID: c44ceb7ff8bbab230ca3bef68dde03858acb19a1a5cd7c515fc030ad0f6ea55f
            • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
            • Instruction Fuzzy Hash: F4C1B0312083429BEB29CF28C841B6BBBE5EFC4318F484A6DF696CB290D775D505CB61
            Function 01B5E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Legacy$UEFI
            • API String ID: 2994545307-634100481
            • Opcode ID: f4cb834946c53bedd9141756ce9cd897031dcc893de3ab037ce7ade890f3e6a9
            • Instruction ID: 09cdd16a642def9b02560e2a52458856f3f9a477a3fbbbdbdf01984be1f6c13b
            • Opcode Fuzzy Hash: f4cb834946c53bedd9141756ce9cd897031dcc893de3ab037ce7ade890f3e6a9
            • Instruction Fuzzy Hash: 17615D71E006199FEB59DFA8C940BAEFBB5FB48700F1441ADEA49EB251D731EA40CB50
            Function 01B843D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$MUI
            • API String ID: 0-17815947
            • Opcode ID: b819e9e205d038655d498335c1c25de72a5768ede3991b50caf07e093347a04e
            • Instruction ID: 767d1d87fdaf9a67249944ddada6ea699a0408e8dcf6a02c4392e4b154c0c82c
            • Opcode Fuzzy Hash: b819e9e205d038655d498335c1c25de72a5768ede3991b50caf07e093347a04e
            • Instruction Fuzzy Hash: 60513871D0021EAFDF15EFA9CD80BEEBBB8EB18B54F100569E615B7290D7309905CB60
            Function 01AE04E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
            Download Yara Rule
            Strings
            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01AE063D
            • kLsE, xrefs: 01AE0540
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
            • API String ID: 0-2547482624
            • Opcode ID: 2ffac28b1a9ab203d6670ba2f294bdab894f7862a2af70282459c5629749e1a4
            • Instruction ID: f00d4596ed00262fe37cabcad56efd2244b862aa09343614f2579ff97f47b70a
            • Opcode Fuzzy Hash: 2ffac28b1a9ab203d6670ba2f294bdab894f7862a2af70282459c5629749e1a4
            • Instruction Fuzzy Hash: 7351AE716047429BD724EF78C6487A7BBE4AF84304F14883EF6D987241E7B49545CFA2
            Function 01AEA2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
            Download Yara Rule
            Strings
            • RtlpResUltimateFallbackInfo Exit, xrefs: 01AEA309
            • RtlpResUltimateFallbackInfo Enter, xrefs: 01AEA2FB
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
            • API String ID: 0-2876891731
            • Opcode ID: 0b4a2ab4374f79158d702c35ba0fce6c344673cd43ddf63763e174c8f4de7339
            • Instruction ID: d0be499bd8353674125c9d80f2a04b1e5ae4e747d83868163296ada741b87705
            • Opcode Fuzzy Hash: 0b4a2ab4374f79158d702c35ba0fce6c344673cd43ddf63763e174c8f4de7339
            • Instruction Fuzzy Hash: 7441CF34A04646DBDB15CF59D848B6EBBF4FF84700F1880E9E914DB291E3B5D940DB50
            Function 01B607C3 Relevance: 2.6, Strings: 2, Instructions: 114COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: S6_Q$S6_Q(
            • API String ID: 0-572331816
            • Opcode ID: 4f3dd86a23aed372488f5a2b55ff584fa1d49541a1b8c485a9c6bc75f4020384
            • Instruction ID: f4bfc50e327bb7d8e9d3c42dcda07ee020444a25b5fb3d57c839eedec493f73a
            • Opcode Fuzzy Hash: 4f3dd86a23aed372488f5a2b55ff584fa1d49541a1b8c485a9c6bc75f4020384
            • Instruction Fuzzy Hash: 66418E71508305AFD724EF29C844B9BBBE8FF98764F004A6EF598C7251E7749904CB92
            Function 01B1A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Cleanup Group$Threadpool!
            • API String ID: 2994545307-4008356553
            • Opcode ID: 4c2ccbc02279a89b67b2951866c757d444bf4d23f9a0836b20a51c60c68a3354
            • Instruction ID: 5403cfb6ce1345cc9d4cc92c5a6a1d7a65360678d9490434c274074f891dd9a8
            • Opcode Fuzzy Hash: 4c2ccbc02279a89b67b2951866c757d444bf4d23f9a0836b20a51c60c68a3354
            • Instruction Fuzzy Hash: CE012CB2206780AFE321CF24CD45B2677E8E780B25F0289B9F208C7180E330E804CB46
            Function 01AEC7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: MUI
            • API String ID: 0-1339004836
            • Opcode ID: 73a3b60785efee3a31c223b6c72f9230b5e8b18392e449720f0e63e04e6de90d
            • Instruction ID: 056f4f27b2a2bc0f3861219cb59b9599ec0c2fd1f9fbb09e99d443bc16140ee9
            • Opcode Fuzzy Hash: 73a3b60785efee3a31c223b6c72f9230b5e8b18392e449720f0e63e04e6de90d
            • Instruction Fuzzy Hash: 22825A75E002199FEF25CFA9C988BEDBBF1BF48320F148169E919AB395D7309941CB50
            Function 01B66420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: e1f734c042ba8b2fd5206446cef4e1a694663a8018379b6b95b2e042f4d9fd6a
            • Instruction ID: eb3c6a5b2133450638914c5e3a4dc8b0f01653aff3146d333efbb9e9bbb7026c
            • Opcode Fuzzy Hash: e1f734c042ba8b2fd5206446cef4e1a694663a8018379b6b95b2e042f4d9fd6a
            • Instruction Fuzzy Hash: 0E915E71A00219AFEF25DF95DD95FAEBBB8EF18B50F1000A5F600AB190D774AD04CBA0
            Function 01B8E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: 5df1f5a6e085f6fa1a76aca6bd20aec25f24cf618d232f98a7d2a4269b47f742
            • Instruction ID: c2ac59b561440c19bdff8bd42fb6a43e87b99243322770eb1aa9420c4b935631
            • Opcode Fuzzy Hash: 5df1f5a6e085f6fa1a76aca6bd20aec25f24cf618d232f98a7d2a4269b47f742
            • Instruction Fuzzy Hash: 1491BE3190060ABEDF2AAFA5DC84FAFBBB9EF45B50F000069F605A7250DB74D905CB90
            Function 01B1A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: GlobalTags
            • API String ID: 0-1106856819
            • Opcode ID: a6a0a37c20d9f64d3b291cfea17af66ece8763163a8c025de95f28a147d1d8f9
            • Instruction ID: 8d8ed80fc716252eb88d0c58b7bc32f2e9ded6a0f8de21133615085de72417a5
            • Opcode Fuzzy Hash: a6a0a37c20d9f64d3b291cfea17af66ece8763163a8c025de95f28a147d1d8f9
            • Instruction Fuzzy Hash: 46716BB5E0020A9FDF6CCF98D590BADBBB1FF58710F5481AAE905A7245EB309841CB60
            Function 01B84978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: .mui
            • API String ID: 0-1199573805
            • Opcode ID: d75bd56bdb959e11196d4ea9f0c5af3255f179d131b0beeacda629aacc9ba606
            • Instruction ID: 48abd2b2bc1d50a9bc53d1384fbb5517e592873d70cefe556c1670d1cd8c3a54
            • Opcode Fuzzy Hash: d75bd56bdb959e11196d4ea9f0c5af3255f179d131b0beeacda629aacc9ba606
            • Instruction Fuzzy Hash: BF518F72D0022ADBDF18EF99D944BAEFBB4EF15F10F0541A9EA11BB250D7749801CBA4
            Function 01AFE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: EXT-
            • API String ID: 0-1948896318
            • Opcode ID: 41f97a1dae70232cab3ac374c91dea2480dfb7010f7d6e65bba2e8faf3243c8d
            • Instruction ID: 94367c3cee59428052526ced11fc33581298056748f34d74a00b9ccabd4e5ff5
            • Opcode Fuzzy Hash: 41f97a1dae70232cab3ac374c91dea2480dfb7010f7d6e65bba2e8faf3243c8d
            • Instruction Fuzzy Hash: 8441A172608342ABD720DBB5C980B6FBBE8AF88754F05092DF784E7190E774D908C796
            Function 01B5C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: BinaryHash
            • API String ID: 0-2202222882
            • Opcode ID: 53c53a551727145af09a1d5becb6d3cb9c4a51f15e310cb009d4910cc132f5b3
            • Instruction ID: 2067c873893a97d70f8853912c5bc81ab696181f1dad2dd1ea151b7066f55e12
            • Opcode Fuzzy Hash: 53c53a551727145af09a1d5becb6d3cb9c4a51f15e310cb009d4910cc132f5b3
            • Instruction Fuzzy Hash: 4F4152B1D0022DAADF65DB50CC84FEEBB7DAB45714F0045E5EA08AB140DB709E898FA4
            Function 01B76B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: #
            • API String ID: 0-1885708031
            • Opcode ID: 8d4f39e8761a5458452042a6c5a92f0d6827fbba7de762b62ab2994281a1d6f6
            • Instruction ID: baf446518e86fa91f7f57bdcf4096e8dfb98ef3725347254065c2cb1549c33ba
            • Opcode Fuzzy Hash: 8d4f39e8761a5458452042a6c5a92f0d6827fbba7de762b62ab2994281a1d6f6
            • Instruction Fuzzy Hash: 5731F631E00B199AFB2ADB79C850BAE7BB8DF05704F1440A8EA65AB282D775D905CB50
            Function 01B5CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: BinaryName
            • API String ID: 0-215506332
            • Opcode ID: 612372f8ace93c690c80f2868567caa35e5b54e471b7fe42917890a415905b64
            • Instruction ID: 477996813286a4d3e36a5d7e6eff37c400ad35695f39a53bb0edafc451bdac2d
            • Opcode Fuzzy Hash: 612372f8ace93c690c80f2868567caa35e5b54e471b7fe42917890a415905b64
            • Instruction Fuzzy Hash: 0031F436900619AFEF19DB58C845F6BBF7AEB80710F0141A9EE05E7250D7309E05DBE0
            Function 01B6892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
            Download Yara Rule
            Strings
            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01B6895E
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
            • API String ID: 0-702105204
            • Opcode ID: 2bca97023373c10d6e6833c1129a4bf15398dd0ab5c57ad01c5b418fafaf9921
            • Instruction ID: bb5a7a526ffb698580d8b367a444a1fc94f64cadd50013be64a81e874c805a05
            • Opcode Fuzzy Hash: 2bca97023373c10d6e6833c1129a4bf15398dd0ab5c57ad01c5b418fafaf9921
            • Instruction Fuzzy Hash: 72012B32201306AFEB3D5B5ADD84B567B7DEFB5654B0424ACF64107191CB246844C792
            Function 01B82000 Relevance: .8, Instructions: 757COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5bd3e6257fc2e18f5c5d6119617639af95589846c41eb1577e1361b3b351b9f4
            • Instruction ID: d23eab5f3a207ec94755ae2df77f18007c9111081a07d680d6415041f74fd35a
            • Opcode Fuzzy Hash: 5bd3e6257fc2e18f5c5d6119617639af95589846c41eb1577e1361b3b351b9f4
            • Instruction Fuzzy Hash: 3242E7756083419FDB29EF69C890A6BBBE5FF84B00F1809EDFA8687250D731D845CB52
            Function 01B78158 Relevance: .6, Instructions: 617COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 05e6dbd609c5d49fed99f8d1277b470178fd59104dbfcba665102bf404a65f2c
            • Instruction ID: 54cb28ee1d999c9af9ce180008ad7ae15fc322e418676ca9da986ab6a86b65e7
            • Opcode Fuzzy Hash: 05e6dbd609c5d49fed99f8d1277b470178fd59104dbfcba665102bf404a65f2c
            • Instruction Fuzzy Hash: 44426A71A002198FEB29CF69C885BADBBF5FF48300F1581D9E959AB242D7349981CF60
            Function 01AF2840 Relevance: .6, Instructions: 605COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a7e2163db29008a2027cfd26522deaa0ba50dc2961fa403f460726f1971e302e
            • Instruction ID: cbae576f3c34f6cd8c89bd78c874c221fe93b586f91064a80e63a4194c3bee96
            • Opcode Fuzzy Hash: a7e2163db29008a2027cfd26522deaa0ba50dc2961fa403f460726f1971e302e
            • Instruction Fuzzy Hash: BE320170A007558BEF29CFA9C8447BEBBF2FF86300F14819EE5469B285D735A845DB50
            Function 01B8A118 Relevance: .6, Instructions: 591COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4dc608b90747905af437137804efa3da65d34bf08a2115dcbbdbdcccfedc3594
            • Instruction ID: ea3d1dfd5ebbad368be4c3321e6e91b8130dea4a5d520743b6743aaa38f3e697
            • Opcode Fuzzy Hash: 4dc608b90747905af437137804efa3da65d34bf08a2115dcbbdbdcccfedc3594
            • Instruction Fuzzy Hash: 8D22A2742046518BEB29EF3DC090372BBF1EF45B04F0885DBE9968B286D775E492DB60
            Function 01B04A35 Relevance: .4, Instructions: 423COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
            • Instruction ID: be407b0f011b54cdf4d8e867acbdc165f84ecd66c299e07ea99c29c8692d0b28
            • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
            • Instruction Fuzzy Hash: 5FF12071E0061A9BDF2ACF99D590BAEBBF5FF48710F0481A9EA05AB281D774DC41CB50
            Function 01B7892B Relevance: .4, Instructions: 386COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 33db4fa0d196501f989fdfe0ebb1b542b230f83560bccc4f8bb49fc0bc054911
            • Instruction ID: 44d3488b2e877e5002a2dfbc45d27f203482282a3154c0ee18d0e1bd31bc7f1a
            • Opcode Fuzzy Hash: 33db4fa0d196501f989fdfe0ebb1b542b230f83560bccc4f8bb49fc0bc054911
            • Instruction Fuzzy Hash: 5BD1E071A0060A9BDF19CF69C845BFEBBF1EF88304F1881A9D965E7241E735E905CB60
            Function 01AE65D0 Relevance: .4, Instructions: 383COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5cd95eeec379932410bc8b346bf521dbf7ec39abab45a4f24058c8ac76293568
            • Instruction ID: 536126deb1bdac4130c618d97d05aa6ea4d0304280340a97921344b6c50a9c8d
            • Opcode Fuzzy Hash: 5cd95eeec379932410bc8b346bf521dbf7ec39abab45a4f24058c8ac76293568
            • Instruction Fuzzy Hash: 77E19C71608342CFC715CF28C594A6ABBF0FF99314F058A6DE99987351EB31E909CB92
            Function 01AD8397 Relevance: .4, Instructions: 380COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6fded15864bd4bbe60ba1dc679897d329305e65188d422808bda149d19c0305e
            • Instruction ID: 63aea47ae1b4ef5bbfdc330e6eeb0742828704b2ed1180494324f4a8e4fcf0df
            • Opcode Fuzzy Hash: 6fded15864bd4bbe60ba1dc679897d329305e65188d422808bda149d19c0305e
            • Instruction Fuzzy Hash: B9D105B1A00A069BCF18DF68C991ABEB7B5FF94304F05416DF916DB285E738D950CB50
            Function 01B68243 Relevance: .3, Instructions: 322COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
            • Instruction ID: 256456beef1fd9b521914c9fb15cb49aa8086616f12aab9c2f81ad8ec17f2d77
            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
            • Instruction Fuzzy Hash: 33B16274A007059FDF28DF99C940AABBBBEFF94304F54449DAA4297794DB38E905CB10
            Function 01AF0535 Relevance: .3, Instructions: 300COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
            • Instruction ID: 372b577545fa64aa4a227e6619e5c7912f71a61a30c3ba8f3752e99243363ca4
            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
            • Instruction Fuzzy Hash: 61B10431600646AFDF29DBA8C944BBEBBB6AF48300F188599F646D7382D770E941DB50
            Function 01AE83C0 Relevance: .3, Instructions: 281COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f544980fe96aa46448dff8d41e5a60feb3b827fb6485bbb3383e0aa19c561423
            • Instruction ID: cbd323a4dd27b1f5d0e8027cc01bdb4665cb5ebe293339680c51227753605c5b
            • Opcode Fuzzy Hash: f544980fe96aa46448dff8d41e5a60feb3b827fb6485bbb3383e0aa19c561423
            • Instruction Fuzzy Hash: FCC148745083418FD764CF29C484BABB7E5FF88304F44895DE98987291DB78E948CFA2
            Function 01ADC427 Relevance: .3, Instructions: 280COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a966a25e7f8de1c1f61d7a773cf443a70d3641f48829639bbb9d0d8358f09264
            • Instruction ID: 7a091b3f7957cab82e2a47effd4c670632a5b5a085ec1554f69ba5e07e7c6832
            • Opcode Fuzzy Hash: a966a25e7f8de1c1f61d7a773cf443a70d3641f48829639bbb9d0d8358f09264
            • Instruction Fuzzy Hash: C7B18170A006668BDB29CF68C990BA9B7B1EF44710F5485EDD54AE7285EB309D86CF20
            Function 01B0E5E7 Relevance: .3, Instructions: 278COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 15eed8d3328cb487b8ea7181cab04ad22c31d839a11e5235d2cc6d7d12cd7f7d
            • Instruction ID: 1ead6e0d603d560a1ff56a8ad3c6f0506b941b3c740becd6bac9324e205ed128
            • Opcode Fuzzy Hash: 15eed8d3328cb487b8ea7181cab04ad22c31d839a11e5235d2cc6d7d12cd7f7d
            • Instruction Fuzzy Hash: 6DA10331E006159FEF2A9BACD944BBEBFB4EB01714F0546A9EA00AB2D1D774DD40CB91
            Function 01B20185 Relevance: .3, Instructions: 276COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 007ee782d3b07160d0c81cca5cbce1c9340d3afadea9a0a5e2b9421f294beb96
            • Instruction ID: 52ebb9bbb09a8b205e82979364c22df6dfdf70f069ff21cbd0862b710a797f2e
            • Opcode Fuzzy Hash: 007ee782d3b07160d0c81cca5cbce1c9340d3afadea9a0a5e2b9421f294beb96
            • Instruction Fuzzy Hash: FFA1D470B00626DFDB2DEF69C590BAAB7B1FF54314F0041A9FA5997281DB34E819CB50
            Function 01BB4500 Relevance: .3, Instructions: 275COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3b90b2b96aae96d405e9c49c9a9e95234530e225965c86b75ac336addc4829ae
            • Instruction ID: 7db83a412f77b0f4389c213be45521e060e0c23ca3253a22265cc45eabf23c18
            • Opcode Fuzzy Hash: 3b90b2b96aae96d405e9c49c9a9e95234530e225965c86b75ac336addc4829ae
            • Instruction Fuzzy Hash: 4FA1DF72A046129FCB19DF18C980BAAB7E9FF48704F0505ADF686DBA52D374EC01CB91
            Function 01BB2B57 Relevance: .3, Instructions: 266COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
            • Instruction ID: d2ba4874bbc3cc25fe9074b197a1c614f0d92e9eaa33ff557e8fd47d54c2113c
            • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
            • Instruction Fuzzy Hash: DEB13871E0061ADFDF29CFA9C880AEDBBB5FF48310F1481A9E914AB754D770A945CB90
            Function 01B660E0 Relevance: .3, Instructions: 264COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7d73e1d48a2890516498f90c42914349313a9f25b2bc4b96f36b5cf83fdcb21a
            • Instruction ID: ede5e6215a0080c64b4ebfe480d198a8bc86116310cdd1a4e80220bc64f29bdb
            • Opcode Fuzzy Hash: 7d73e1d48a2890516498f90c42914349313a9f25b2bc4b96f36b5cf83fdcb21a
            • Instruction Fuzzy Hash: AF918571D00216AFDF19CF69D894BAEBFB9EF58710F154199E610EB341D738E9009BA0
            Function 01AFE3F0 Relevance: .3, Instructions: 261COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b77b1723af506a5d4ada95955e17ddc8962bdf428216cd12859a2a4e3b1901a5
            • Instruction ID: 5dac97584942ed64af4e537a691f37f69ccb071ad214cbc15f9db3089ed61a96
            • Opcode Fuzzy Hash: b77b1723af506a5d4ada95955e17ddc8962bdf428216cd12859a2a4e3b1901a5
            • Instruction Fuzzy Hash: CA911631A00616CBEB28DBADC444B7E7BB1EF98714F0A80ADFA059B3A1E734D901C751
            Function 01B36ACC Relevance: .2, Instructions: 226COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8b417d7caf8ff040618de2a6e6dd474f79f9c6f8d908e4503a2b366fc5d71978
            • Instruction ID: 8bc915bef0d133089cd8e51f7969da8aba978652bccaed4a0389724c1ff79aa2
            • Opcode Fuzzy Hash: 8b417d7caf8ff040618de2a6e6dd474f79f9c6f8d908e4503a2b366fc5d71978
            • Instruction Fuzzy Hash: AC81A371E0061AABDB1CCF69C940ABEBBF9FB48700F04856EE545D7640E734DA51CBA4
            Function 01BAAB40 Relevance: .2, Instructions: 222COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction ID: 065aef23f82512659fe4489c61be493c46a9bf24001f35fc4a6d2e298da69884
            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
            • Instruction Fuzzy Hash: BB818171A042059FDF1DCFA9C880AAEBBB2FF84310F5485A9D9569B344EB34E901CB90
            Function 01B1E284 Relevance: .2, Instructions: 212COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f24e3af585348e9f04ae61f763cf7b8f404b17e65fafb99c66f1860f3e7c946b
            • Instruction ID: 9980d8eec33e2805fe3f065f5b6373fef28b833c16153ef21adc9f6d725b64c4
            • Opcode Fuzzy Hash: f24e3af585348e9f04ae61f763cf7b8f404b17e65fafb99c66f1860f3e7c946b
            • Instruction Fuzzy Hash: 04818E71A00609EFDB2ACFA9D880BEEBBB9FF48314F554469E955A7214D730EC05CB60
            Function 01AFC640 Relevance: .2, Instructions: 206COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bc4d1a037612b9e4569ebfeb716d2a7962d7ea23bdff255c458ccc6c32dbf893
            • Instruction ID: 1499fd4647760d0888360111b17e96dbf95def32fdb67e0cfad88d15e17d617c
            • Opcode Fuzzy Hash: bc4d1a037612b9e4569ebfeb716d2a7962d7ea23bdff255c458ccc6c32dbf893
            • Instruction Fuzzy Hash: A071D475C05629DBCB29CF99D890BBDBBB0FF58710F14815EE982AB354E3349800CB90
            Function 01B947A0 Relevance: .2, Instructions: 202COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 112faedb8ffa577130a51583a9c3428df72edbbc2e17ce1e688731a6ef837097
            • Instruction ID: 1b1092466b86a59ed449a5530f9411521cfbb32b2420927af0187bd49512829f
            • Opcode Fuzzy Hash: 112faedb8ffa577130a51583a9c3428df72edbbc2e17ce1e688731a6ef837097
            • Instruction Fuzzy Hash: 8D718F71901205EFDF2CDF99EA50A9EBBF8EF94300B1441EAE614AB258E7358942CF54
            Function 01AF260B Relevance: .2, Instructions: 201COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b39647f8987fd95bf8d3f3610a2a19729c03b2ce16132ac88f5149b41f07225d
            • Instruction ID: 66ff2e4cd1f8d31ebe68415064303e4704b690d6ce17547fb4bc675c9befc593
            • Opcode Fuzzy Hash: b39647f8987fd95bf8d3f3610a2a19729c03b2ce16132ac88f5149b41f07225d
            • Instruction Fuzzy Hash: 6E71CF316046429FD756DF68C480B2AB7E5FF85310F0885AEF999CB352DB38D846CB91
            Function 01B6035C Relevance: .2, Instructions: 198COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction ID: 4dcc8840115cda49dcf406bd1c8deb167edf317f06018eea15f5fd6bb1c41964
            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction Fuzzy Hash: 2B715F71A00619EFDF14DFAAC984EAEBBB9FF58700F104569E505E7250DB34EA05CB50
            Function 01B762A0 Relevance: .2, Instructions: 198COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c12588e1e254069ed892ee12ab7e244a01448b25e90f347c46aeccb65836e24f
            • Instruction ID: 476e106f33e1d551fd84fefe84e3261f20fa55679e2204406916b2c78faba8d4
            • Opcode Fuzzy Hash: c12588e1e254069ed892ee12ab7e244a01448b25e90f347c46aeccb65836e24f
            • Instruction Fuzzy Hash: 7371E332200B01AFFB3ADF18C894F66BBB6EF44760F154598E2668B2A0D775E944CB50
            Function 01AE8AA0 Relevance: .2, Instructions: 197COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 06d5148756ac18fbea0019769d529946b66bab8ee3b27d4a7fa8695d4577be13
            • Instruction ID: 39dd803505af756f0bab4eb848f1fbaad50e6d4c164e36ebb222e9a0b9105da0
            • Opcode Fuzzy Hash: 06d5148756ac18fbea0019769d529946b66bab8ee3b27d4a7fa8695d4577be13
            • Instruction Fuzzy Hash: 4881C172A053058FDB28CF98D588BAD77F2FF48310F1581E9E904AB691D7749D40EB90
            Function 01BB8324 Relevance: .2, Instructions: 192COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e568c52af6467353184c8fdb14f24d7f00961f6f61a59b525700e0b31593dffd
            • Instruction ID: 9135ae32a3d8df825109994a4ba41ceb17d8f3eef6915a9014f198409ffa7993
            • Opcode Fuzzy Hash: e568c52af6467353184c8fdb14f24d7f00961f6f61a59b525700e0b31593dffd
            • Instruction Fuzzy Hash: 94710A71E00219AFDF19DF94C881FFEBBB9FB04350F104199E615A7690D7B4AA45CB90
            Function 01B9A250 Relevance: .2, Instructions: 184COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a6546ede24d73862b6cbc10382d333e9b345a618a9d93702a7fcee9f219d0da6
            • Instruction ID: b62153bfa3671f2588ae4dbc567a9415d01dd637a6624cbad4b73dc01060268d
            • Opcode Fuzzy Hash: a6546ede24d73862b6cbc10382d333e9b345a618a9d93702a7fcee9f219d0da6
            • Instruction Fuzzy Hash: 8751C172504612AFDB15DE78C894E5BBBE8EBC5750F0109B9FA44DB250D730ED06CBA2
            Function 01B88350 Relevance: .2, Instructions: 161COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5ec387ce7d7c51f036ef7dfb28f83aafbbca542d6ab34c7f1ec8193e7cc380b8
            • Instruction ID: 206123262e78b93aa697daa5b7a26f5612c4eb8c41d13f671a6ed791478e3b7b
            • Opcode Fuzzy Hash: 5ec387ce7d7c51f036ef7dfb28f83aafbbca542d6ab34c7f1ec8193e7cc380b8
            • Instruction Fuzzy Hash: 61513370900705DFDB28EF5AC880AABFBF9FF54B10F50065EE292976A1C770A544CB90
            Function 01B1E443 Relevance: .2, Instructions: 158COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 19420bf39ab4cb7d786ade1731310208827d011f7d55e9fea5c7a1372ec96e15
            • Instruction ID: 5d03c5fb5d561d0104565751378c8937a4406cbbabdb3315b9e8d4f4a7ae6aad
            • Opcode Fuzzy Hash: 19420bf39ab4cb7d786ade1731310208827d011f7d55e9fea5c7a1372ec96e15
            • Instruction Fuzzy Hash: 25518F31200615DFCB2ADFA9C990F6AB3F9FF14784F4204ADEA4697260D734E945CB50
            Function 01B84180 Relevance: .2, Instructions: 156COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5d60eb009acd7e0542bc7e7f911ca7f95365dae3a3a81ef1d28316652ea3e4a6
            • Instruction ID: 75d6d9aba3ac7d4f85be6584f2cacf71fad1fac38610f0a39d5a0a91d3e3ca43
            • Opcode Fuzzy Hash: 5d60eb009acd7e0542bc7e7f911ca7f95365dae3a3a81ef1d28316652ea3e4a6
            • Instruction Fuzzy Hash: DB5135716083429FD758EF29D880A6BBBE5FBD8A04F444A6DF589C7250EB30D905CB92
            Function 01B045B1 Relevance: .2, Instructions: 156COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction ID: 739a6fa237d8cfd3f7bf4c25880f271d60b7976cf26c0435ec9264619fb8fa99
            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction Fuzzy Hash: A7517171D0021AABDF1ADF98C440BEEBFB9EF45754F0481A9EA01AB290D774DD44CB90
            Function 01B6E9E0 Relevance: .2, Instructions: 154COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction ID: 2e63485c1e15acbefba3c0fbc5f6975cdc48267a0274df4ed94889e71298f750
            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction Fuzzy Hash: E251B535D0021AAFDF19DE94C8C4BAEBB7DEB10354F1946E5D611E7190D738DD448BA0
            Function 01BA8B28 Relevance: .2, Instructions: 152COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 52c00a1466e42174722163eb498008d4be81620e46a50604128e1a4e20795710
            • Instruction ID: ea95dd106db795c4d31b2ebafc8605752df14ce8940ce748b90c6457e25787c0
            • Opcode Fuzzy Hash: 52c00a1466e42174722163eb498008d4be81620e46a50604128e1a4e20795710
            • Instruction Fuzzy Hash: 244129707096019BDB2DDB2DC894B7BBB9AFF94721F848298F915C7A90EB31D841C790
            Function 01B6CBF0 Relevance: .1, Instructions: 148COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fe0933ec416769d79d55482aaa64150c0cf4ad5ca39bd04f301854b58e2c6b6d
            • Instruction ID: 395f6778223c05bdd89e2b58ec223ff7595405bf5a6cb20713b80e185cfe46b2
            • Opcode Fuzzy Hash: fe0933ec416769d79d55482aaa64150c0cf4ad5ca39bd04f301854b58e2c6b6d
            • Instruction Fuzzy Hash: D5518E75900216DFCB28DFA9C59099EBBB9FB68314B10455AE585A3305E739ED01CBD0
            Function 01B1A430 Relevance: .1, Instructions: 139COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7c15a634ee0dcc7e42f4f38d4aa307e141a25dacb67534d4bb49a23dd566c1d3
            • Instruction ID: 35eeeeab9bd6ba287fb9f91df96cb095ab6e36edd9ff3ddee23b641a1d54526c
            • Opcode Fuzzy Hash: 7c15a634ee0dcc7e42f4f38d4aa307e141a25dacb67534d4bb49a23dd566c1d3
            • Instruction Fuzzy Hash: 574128717422429BDF2DEF78D891B6A7765EB15708F8200ADFE069B249E7B1E800C760
            Function 01BAA9D3 Relevance: .1, Instructions: 139COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction ID: 4380bf99d8031886a07f46683d1c27b5fc3e2ffc11ea6e22c057676e2836d479
            • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction Fuzzy Hash: DD41FD716087169FDB2DCF78C994A6AB7D9FF80310B4546AEE91287640EB30ED04C7E0
            Function 01B101F8 Relevance: .1, Instructions: 138COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d9e9310e2660f5d38df638c3f80a774b32fd1804a1123800c031e930ff8a4a5e
            • Instruction ID: 6feaeb7ced2fa4baf35d71139299803a6ace17d123f95c29cde399e830c4b350
            • Opcode Fuzzy Hash: d9e9310e2660f5d38df638c3f80a774b32fd1804a1123800c031e930ff8a4a5e
            • Instruction Fuzzy Hash: D141CE31900215DBDF18EF98C480AEEBBB4FF58710F5682AAF805E7244D7349D81CBA4
            Function 01B0EBFC Relevance: .1, Instructions: 138COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a3e144de29625a01e93c7a40545e66b520900abab8d77d202e6234dd0df9330e
            • Instruction ID: f970505d7ce4b208b5a20a403f37233214bf2297badf8f1750c3f3fdb250a2f1
            • Opcode Fuzzy Hash: a3e144de29625a01e93c7a40545e66b520900abab8d77d202e6234dd0df9330e
            • Instruction Fuzzy Hash: FE41B3716043029FDB2ADF68C884A67BBE5FF84314F004DAEE697C7651EB35E8448B51
            Function 01B22750 Relevance: .1, Instructions: 137COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction ID: 8e6644d324f4d97bfc40bc6280eeb8c695164fe4687245da6f00ef732cf9734d
            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction Fuzzy Hash: B1518C35A00215CFCB59CFA9C480AADFBF2FF84714F2482A9D915A7351D730AE42CB90
            Function 01AE6154 Relevance: .1, Instructions: 133COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a9a8b82851b2aa3f259a176f8ae60fad6e10c8891587847bea59d6b263c4d388
            • Instruction ID: 11caafa4b9eac4ed5b35a046b896752244be21602049716c0f97b14369cfc89a
            • Opcode Fuzzy Hash: a9a8b82851b2aa3f259a176f8ae60fad6e10c8891587847bea59d6b263c4d388
            • Instruction Fuzzy Hash: 6151E770900216DBDB299B6CCD14BE8BBF1EF21314F1486E9E629972D1E7349981DF40
            Function 01AE0BCD Relevance: .1, Instructions: 130COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cd41f0420157b38f468c94877778fe81865c3cf11f508184e504187f27f62b5a
            • Instruction ID: 3082d9b7dad2c629ff9db25e52dd9797a3a579c20375092439b4adf1afc62399
            • Opcode Fuzzy Hash: cd41f0420157b38f468c94877778fe81865c3cf11f508184e504187f27f62b5a
            • Instruction Fuzzy Hash: 0341A331A002299BDF25DF68CA44BEA77B4EF85740F0500AAE908AB241D774DE85CF91
            Function 01BA866E Relevance: .1, Instructions: 129COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction ID: 357bf68c674c3e3514edaec9881556cc0472a2a571b2eb0ee4f45916cb921848
            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction Fuzzy Hash: 5341A175B04205ABEF19DF99CC84AAFBFBAEF88601F5440A9E900A7751DB70DD01C7A0
            Function 01AE0887 Relevance: .1, Instructions: 128COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: af4e88501e92e124812aab00a85ef25ae7baa9851cb8ef7c317ee947824c5187
            • Instruction ID: f8f3c80cfeda7deae94db1f8343137358de2801058974b6c4cc495f03365f98d
            • Opcode Fuzzy Hash: af4e88501e92e124812aab00a85ef25ae7baa9851cb8ef7c317ee947824c5187
            • Instruction Fuzzy Hash: 6B41B0707007029FE725CF68C694A26B7F9FF48314B144A6EF556C7A51E7B0E845CB90
            Function 01B0A470 Relevance: .1, Instructions: 127COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 64a1ede153c45a0581d02f731c34ab84f0efe3077476066cb17503fd71913b0d
            • Instruction ID: 6b2a782d75dd60857d62a5cd3b4306df58483f2373046b2ca96a047988edcf14
            • Opcode Fuzzy Hash: 64a1ede153c45a0581d02f731c34ab84f0efe3077476066cb17503fd71913b0d
            • Instruction Fuzzy Hash: 1A419C32941206CFDB2ADF68D5A47AD7BB0FF18350F054AD9D419AB2D1EB35D900CBA0
            Function 01AE8BF0 Relevance: .1, Instructions: 124COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3b914c07dc6be14fc39e2591e3890d612aacc2f9d8c323dc7cde92b29b04abcf
            • Instruction ID: 06005aad506e4c4f4b7a06080c158241e5e8ed5e08ca251192643cb6e8bc89fe
            • Opcode Fuzzy Hash: 3b914c07dc6be14fc39e2591e3890d612aacc2f9d8c323dc7cde92b29b04abcf
            • Instruction Fuzzy Hash: 06412672901602CFD728EF48D988BAABBF5FF95704F1480AEE5059B665D739D802CF90
            Function 01AD8918 Relevance: .1, Instructions: 123COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1e89796bdbd719cf180a43e6ec59e059040ac63bb56e7e4e660926458bbfed3
            • Instruction ID: 75db4fb61463da7062d91bc720d023254556ef523d48c7b81e282b54ea568932
            • Opcode Fuzzy Hash: f1e89796bdbd719cf180a43e6ec59e059040ac63bb56e7e4e660926458bbfed3
            • Instruction Fuzzy Hash: 92419D315087069ED712DF68C940A6BBBE8EF84B54F40096EFA85D7250E730DE158B93
            Function 01ADA020 Relevance: .1, Instructions: 122COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction ID: 993a60496fb9d45bc359a1d5121b35461bcfd447cc6c74761f94a738bbac99b8
            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction Fuzzy Hash: BF412C31A00611DBDB19EF6985507BABB71EBD0764F1580AAE9469B244D7328E50CB90
            Function 01AE09AD Relevance: .1, Instructions: 122COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e3480ea78363a881a3ce8b4ce2f8a083fdbe10b755225e749b9678499f1c4975
            • Instruction ID: 226fff61aff3ed36ac78ae1bd78a7119882027bc5645ed0162e3c01c0004843a
            • Opcode Fuzzy Hash: e3480ea78363a881a3ce8b4ce2f8a083fdbe10b755225e749b9678499f1c4975
            • Instruction Fuzzy Hash: 6A417771A00605EFD725CF28D944B2ABBF4FF58314F248A6AF549CB251E7B0E942CB90
            Function 01B10710 Relevance: .1, Instructions: 121COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction ID: 44745de62cf9d049c700a98acce0263f8d6403f34e6aa9de46843e6f451fe202
            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction Fuzzy Hash: C2412B71A04705EFDB28DF98C980AAABBF4FF18700B5149ADE556DB654D330EA84CF90
            Function 01AE262C Relevance: .1, Instructions: 119COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9cb4ea1add29a28496ce36d37301b6f71dbbf645f3463745892dce1d56696e66
            • Instruction ID: 5d3de2b89fe1d69be98e11db1ca5cd459e856458da95f3662fa9718ff543d6b8
            • Opcode Fuzzy Hash: 9cb4ea1add29a28496ce36d37301b6f71dbbf645f3463745892dce1d56696e66
            • Instruction Fuzzy Hash: 9C41BEB1941705CFCB2AEF28C944B69B7F9FF98310F1482AAC4068B2A1EB309941CF51
            Function 01B1C8F9 Relevance: .1, Instructions: 116COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 48e858dc349e58f6fcc8adcceba2ddf0176703e03f4b1c3bfddbea30301f68c7
            • Instruction ID: f906edd5f95cf2d61a91b2507ee0894247075aa34a8ac8463bee17de9d773db1
            • Opcode Fuzzy Hash: 48e858dc349e58f6fcc8adcceba2ddf0176703e03f4b1c3bfddbea30301f68c7
            • Instruction Fuzzy Hash: 093197B2A40245DFDB5ACFA8C140799BBF0FB09724F2181AED519EB251D3729902CB90
            Function 01AD80A0 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f326a001dee3dee922ceecf58c054611ef15153cfea808848cc380803bfc142e
            • Instruction ID: d58a930cca7eeb8e0dc5e1122d16ca918dad6c49310a72d8d09217f3b620bd67
            • Opcode Fuzzy Hash: f326a001dee3dee922ceecf58c054611ef15153cfea808848cc380803bfc142e
            • Instruction Fuzzy Hash: E941D471E05B16AFDB01DF68C940AA8B7B1FF54760F148229E817A7280D738ED458BD0
            Function 01B605A7 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 43b823406c641c44c011ced2e30afe7e611523d14b97c9a39e1ebd03ee1afed3
            • Instruction ID: 4ad9c5323dba3e8cec9c41ed2cdb4e471372c0127d8ba2aac0edc814ac914989
            • Opcode Fuzzy Hash: 43b823406c641c44c011ced2e30afe7e611523d14b97c9a39e1ebd03ee1afed3
            • Instruction Fuzzy Hash: B441E4725086469FC324EF6DC840A6AB7E9FFD8700F14065DF95887680E734DD04C7A6
            Function 01AE4859 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5c3feb6eeefeb7e78e7527be30e12e47f5cfcf66c223228351e55493085a91f4
            • Instruction ID: 0f3ef15214ca69bb9dd6ed53b1d7db03590412b014f6de6c8a30e8af83964be8
            • Opcode Fuzzy Hash: 5c3feb6eeefeb7e78e7527be30e12e47f5cfcf66c223228351e55493085a91f4
            • Instruction Fuzzy Hash: 5941D1306003028BDB25DF2CD998B2ABBEAEF88354F15446DFA45DB291EB34D841CB91
            Function 01AD8B50 Relevance: .1, Instructions: 111COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9c5d0407580bbca996feb363a24ac6a36327ad58c45e1f905410da58505076e3
            • Instruction ID: 284590ee0419b79e3bc6c272cf0f2833d9cda9f52416ce26ed84349dea970968
            • Opcode Fuzzy Hash: 9c5d0407580bbca996feb363a24ac6a36327ad58c45e1f905410da58505076e3
            • Instruction Fuzzy Hash: 1E4192B1E01A05DFCB15CF69C9809ADBBF1FF88320B14866ED467A7260DB38A941CF40
            Function 01AF02E1 Relevance: .1, Instructions: 106COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction ID: 8b0040eca258283617dfd60c96dbcf290153f2f14e08526cfcecbf13f689b69e
            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction Fuzzy Hash: BD31E731A04245AFDB229BA8CD44B9BBFF9EF14350F0882A9F955D7353C7749844CBA4
            Function 01B8E3DB Relevance: .1, Instructions: 105COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 58b29d04541ce5916e278125d43c177bd73d1a2f6be09cc524c9f82bed9c50f4
            • Instruction ID: 8f57399997f8a6d62f1452f81bc2d4aff6d402d5f5d5ce78e6ae8f0b02973c86
            • Opcode Fuzzy Hash: 58b29d04541ce5916e278125d43c177bd73d1a2f6be09cc524c9f82bed9c50f4
            • Instruction Fuzzy Hash: BD31C875740716ABDB26AF999C41FAF7AA4AF58F50F000068F604AB2D1DBA4DD01C7A0
            Function 01B94B4B Relevance: .1, Instructions: 104COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a8d679594174ef2ea8d9ec587e32db8e6bc69752bd2b9343fcbf1d8a4ab4855f
            • Instruction ID: fe88aabd7cad37b8253b19b9f520f9ffc2889148627b990dea11122913d4a43a
            • Opcode Fuzzy Hash: a8d679594174ef2ea8d9ec587e32db8e6bc69752bd2b9343fcbf1d8a4ab4855f
            • Instruction Fuzzy Hash: C131D2322052019FCB29DF1DDA90E26B7F5FB84360F0A44BEE9958B351E731E806CB91
            Function 01AE4260 Relevance: .1, Instructions: 102COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 091d53aab9ac8bf38ff5b253974addcd496ea4b5e74348f7a451c9f8adbe483f
            • Instruction ID: de82f45ea51415100dd22ba14669a5d7dba4fcd8826f5c3b6961151c2ceb33c7
            • Opcode Fuzzy Hash: 091d53aab9ac8bf38ff5b253974addcd496ea4b5e74348f7a451c9f8adbe483f
            • Instruction Fuzzy Hash: 1741BD31200B469FDB2ADF28C994BD67BE8FB48314F05846DF6A9CB290C770E804DB50
            Function 01B94BB0 Relevance: .1, Instructions: 101COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 58bacc70bc45d1fe859aad2ab1a1c2abb7b03ce7324dbc7215b72cc78743ea5b
            • Instruction ID: c11334807bdf0b0df7bb35fc4acc1257af5e2c31e271c1fc2fa51d3c6d34e9ce
            • Opcode Fuzzy Hash: 58bacc70bc45d1fe859aad2ab1a1c2abb7b03ce7324dbc7215b72cc78743ea5b
            • Instruction Fuzzy Hash: 8C319C716042419FDB28DF28DA90A2AB7F5FB84720F0949BDF9559B391E730E806CB91
            Function 01B5EB1D Relevance: .1, Instructions: 100COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 053f66b21ee64e1170344eb70cb59cd8f9b20e22079296532448c1be95029007
            • Instruction ID: 17772e25bacee5461c2f2e05d05647983ec52b8808ccf3c99a55d7aaa358825f
            • Opcode Fuzzy Hash: 053f66b21ee64e1170344eb70cb59cd8f9b20e22079296532448c1be95029007
            • Instruction Fuzzy Hash: CE31A1726016C29BF76A9B9D8A88B25BBD8FF40744F1904E4BF45DB6D2DB68D940C220
            Function 01BA61C3 Relevance: .1, Instructions: 97COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e9320723fb3d7e560b9d920440f7b076e5952275bac8911da984291ed3b6be17
            • Instruction ID: d2967c553fae0b3d38fd64fc9d23ea9ed44a294658304f31026e8a6866ae138a
            • Opcode Fuzzy Hash: e9320723fb3d7e560b9d920440f7b076e5952275bac8911da984291ed3b6be17
            • Instruction Fuzzy Hash: 4B31C4B5E0021AABDB19DF98CD40FAEB7B5FB44740F4541A9E904EB244D770ED41CB94
            Function 01B8483A Relevance: .1, Instructions: 96COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f2e606dc919f157a069a66a400bec573e164df920234fd9fd7bfd55812dbef1b
            • Instruction ID: 3c5dde0fdf0a7410468f440722b6e8d231b147e04555312596536ef57a7528a0
            • Opcode Fuzzy Hash: f2e606dc919f157a069a66a400bec573e164df920234fd9fd7bfd55812dbef1b
            • Instruction Fuzzy Hash: B5314176A4012EABCF35AE54DD84BDEBBB5EB98750F1100E5E508A7250DB309E91CF90
            Function 01B0EB20 Relevance: .1, Instructions: 96COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 01039b35214ae023cde96fffa0dd89a57b3ddf299c7889b15c6d951b78909f4d
            • Instruction ID: e81f80f5f01b83926f5ddafb752bb3e602ce15e873c70e29fbc5851481a9f1af
            • Opcode Fuzzy Hash: 01039b35214ae023cde96fffa0dd89a57b3ddf299c7889b15c6d951b78909f4d
            • Instruction Fuzzy Hash: BF31D972E00615AFDB26DFADC980BAEBBF8EF44750F0145A5E556D7290D770DE008BA0
            Function 01BA60B8 Relevance: .1, Instructions: 95COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 637734907d8f07bb5b9d817c36e7a7b8cb1a2a9f44ad1841686ce485187dbc05
            • Instruction ID: 9a675a03836798ca87063906211b94ac39c824bdbf95298e206bc9b61d85519c
            • Opcode Fuzzy Hash: 637734907d8f07bb5b9d817c36e7a7b8cb1a2a9f44ad1841686ce485187dbc05
            • Instruction Fuzzy Hash: 4931C7B1644606ABDB2E9FAAC850B6E7BB5EF48754F4400B9E505DB352DB30EC018B90
            Function 01AE07AF Relevance: .1, Instructions: 95COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 540068f8ff6783c903d791097bbf7ed8e18b1db8aded012f036d52b024c59e6e
            • Instruction ID: c803e649ba70039b7ecdcdf4bb1cb61982273e0ed773346b3661ddf8d94f58ab
            • Opcode Fuzzy Hash: 540068f8ff6783c903d791097bbf7ed8e18b1db8aded012f036d52b024c59e6e
            • Instruction Fuzzy Hash: 6931F132B04612DBCB13EE68CA84A6BBBE5AFD4260F054529FD55EB210EB70DC1187E1
            Function 01AE8550 Relevance: .1, Instructions: 94COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cbc230e5f078005537f975ec75fd0b5bfa8afe3a63a5d13b14ac0b3d140cc3a9
            • Instruction ID: 60a714a1ee9e1d896080e0c257064fcea81f3f09e7cef62b4d57f562e3b4160a
            • Opcode Fuzzy Hash: cbc230e5f078005537f975ec75fd0b5bfa8afe3a63a5d13b14ac0b3d140cc3a9
            • Instruction Fuzzy Hash: D131AF716093018FE725CF19D844B2ABBE5FB98700F048AADF98897351D774E844DBA2
            Function 01B1A6C7 Relevance: .1, Instructions: 92COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
            • Instruction ID: a7fad23082c4356c0c3cd12748bf5eb9de237771df65b599af7f98249f91ff3e
            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
            • Instruction Fuzzy Hash: A3311AB2B01B41AFE769CF79D940B56BBF8EB08B50F55056DA59AC3650E730F9008B60
            Function 01B8EBD0 Relevance: .1, Instructions: 91COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f075c7cc8a2c9565f90acf2a904ab6639321e59ff4606334bff0b8a29819560b
            • Instruction ID: 1c96a56fd215390c34f7256e574bcb4095a97f54b175a379277c95cca76f8f4a
            • Opcode Fuzzy Hash: f075c7cc8a2c9565f90acf2a904ab6639321e59ff4606334bff0b8a29819560b
            • Instruction Fuzzy Hash: 6D3187B19093029FCB19EF19C54095ABBF1FF89B14F0549AEF4889B262E330D945CF92
            Function 01B0438F Relevance: .1, Instructions: 89COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7125ed9e0da10154c8804e85cfc76009b3afc9f325b9578418eba6937f5e668e
            • Instruction ID: 17544b91def333c8467d3dbe28ac32e825036c4a61389195ab3567916adec0a7
            • Opcode Fuzzy Hash: 7125ed9e0da10154c8804e85cfc76009b3afc9f325b9578418eba6937f5e668e
            • Instruction Fuzzy Hash: 7531D631B002469FDB29DFA8C981A6EBFF9EF84304F0185AAE605D7294DB30D945CB50
            Function 01ADCB7E Relevance: .1, Instructions: 89COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
            • Instruction ID: 6ac6b7a6566bb397f686f2f541f24153d01cba4d0739b53af1bdd525df75d053
            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
            • Instruction Fuzzy Hash: 47213432E0165BAADB159BB98840BBFBBB5EF40750F158079AE56E7340E370C900C7A0
            Function 01ADC156 Relevance: .1, Instructions: 88COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e00b30596051e4348c85a05b738e9f8de637ad0936bc4f7f1366f3937808e22c
            • Instruction ID: 35a69c8083b8a481103b399e296244d4b040e7ed488eed20bc43a0c97b7d441a
            • Opcode Fuzzy Hash: e00b30596051e4348c85a05b738e9f8de637ad0936bc4f7f1366f3937808e22c
            • Instruction Fuzzy Hash: E7313B715002119BDB2AAF68CC44BB977B4EF90314F9481EDE9469B382EB74D986CB90
            Function 01B9C3CD Relevance: .1, Instructions: 88COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
            • Instruction ID: f3525232a2e05d92cc85a3d096160770e0149ed575c073c3b682027cd54aa40c
            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
            • Instruction Fuzzy Hash: C2212B3A700652A6CF1DABA58800ABEBFB4EF40710F40806AFA9587791E734D941C3B0
            Function 01ADE420 Relevance: .1, Instructions: 88COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8b040e3e74618d05f378251733d99dc10c7530c081ada348a7cf4bdeb0ffd707
            • Instruction ID: 4f50fb3bdd82ede51d2d8140bcb28410a64373dc32b7a15eb624e3f25cbfd1aa
            • Opcode Fuzzy Hash: 8b040e3e74618d05f378251733d99dc10c7530c081ada348a7cf4bdeb0ffd707
            • Instruction Fuzzy Hash: D6310571A0092C9BDB31DF28CD41FEE77B9EB15780F0101A5E656AB291D7709E80CF90
            Function 01B14588 Relevance: .1, Instructions: 87COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
            • Instruction ID: f68f80249b32615ad999cd3ab6658163b74d6086c7501d9d390c6b9d0d1f779e
            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
            • Instruction Fuzzy Hash: 9021A231A00709EBCF19CF98C980A8EBBA5FF49358F5184E5FE159F244D771DA058B50
            Function 01B144B0 Relevance: .1, Instructions: 87COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4df041a93751ce06961dfdbc12a77e3579dfe9b9e4adb4759f332f4e7898f848
            • Instruction ID: 9d03f52bd1ad14116c37ba11b6daae17a74bcfdd7d0cebafdee34162bbc5cc49
            • Opcode Fuzzy Hash: 4df041a93751ce06961dfdbc12a77e3579dfe9b9e4adb4759f332f4e7898f848
            • Instruction Fuzzy Hash: 1F2106726047469BCB26CF18C880B6B7BE4FF8D760F424659FD449B644D730E901CBA2
            Function 01ADE388 Relevance: .1, Instructions: 86COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction ID: 27dfda8d525aea343df4785e950af32ebc3640758f6e6e77a07b2328dce9aa0c
            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
            • Instruction Fuzzy Hash: C7319A71600A05EFDB25CFA8C984F6AB7B9EF85354F1445A9E512CB281E730EE02CB50
            Function 01B5E609 Relevance: .1, Instructions: 86COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 176fa45267fa1b48c819e880c148673ed58c0d466c9572d949a7b9715c721579
            • Instruction ID: 2be5dcca008f9d8d3d6615b265a3994588492521836a79801e31f2049880e1ac
            • Opcode Fuzzy Hash: 176fa45267fa1b48c819e880c148673ed58c0d466c9572d949a7b9715c721579
            • Instruction Fuzzy Hash: 80315C756002059FCB5CCF1CC884AAEB7B5EF88354B15459AFC099B391EB71EA50CBA1
            Function 01B606F1 Relevance: .1, Instructions: 79COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a7f1ef3181f7047bf39b70d3012e9e5b3b073d3ade612b761b2b1ca67bb84e40
            • Instruction ID: 48b58e76c703ac2c83057949dc4a4348cab7e0b703cc887cd5f4310e7dc8c40b
            • Opcode Fuzzy Hash: a7f1ef3181f7047bf39b70d3012e9e5b3b073d3ade612b761b2b1ca67bb84e40
            • Instruction Fuzzy Hash: 9A218071A0062A9BCF28DF59C881ABEB7F8FF48740B5100A9F541E7240D778AD41CFA1
            Function 01B6019F Relevance: .1, Instructions: 78COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a88ed18dd8fa337c3852af5584addb7a6b808f79d2b7e65e25b347018f93259b
            • Instruction ID: 529de6ddc8abff69a158672f5db71951ced56830bb5c69fe63273ae61205133b
            • Opcode Fuzzy Hash: a88ed18dd8fa337c3852af5584addb7a6b808f79d2b7e65e25b347018f93259b
            • Instruction Fuzzy Hash: BD218B71600645ABDB19EBA9D940F6AB7A8FF58740F1440A9FA04D76A0D738ED40CB64
            Function 01B60283 Relevance: .1, Instructions: 74COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 95c1fd32ef12bbf427813e43a130b84d622b698d3e05fd9e0f1d31a8c1fefdb2
            • Instruction ID: c5fd74dbd36675d9e1c36166604f990bc23d9df97c9ad244f56b411a4e9b5538
            • Opcode Fuzzy Hash: 95c1fd32ef12bbf427813e43a130b84d622b698d3e05fd9e0f1d31a8c1fefdb2
            • Instruction Fuzzy Hash: 1621C8725043459FD716EF5AC944B6BBBDCEFA4240F08449ABE84C7251D738D509C6A1
            Function 01B02835 Relevance: .1, Instructions: 73COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d66305c664d5b3a31bd1dc6e6e7bb25bd1db0f67984597ee1069ebb9e04ec5f3
            • Instruction ID: 4950b1330ab8b6749fecafaa4729470bf41124774cce9e6f29d3c326a8c61dee
            • Opcode Fuzzy Hash: d66305c664d5b3a31bd1dc6e6e7bb25bd1db0f67984597ee1069ebb9e04ec5f3
            • Instruction Fuzzy Hash: 0D212331A857819BF72B677C8D48B243F94EF41B70F2843E4FA619B6E2DB68C805C200
            Function 01B1A30B Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1453a61a0da450fd80c483acfa82de25b84e1dc5fd9d8272b494917d9d200777
            • Instruction ID: 9d5ae16526ffd6676138585b2aaa2bf97e39ba2d9f77a4bc0c394ab37fa21435
            • Opcode Fuzzy Hash: 1453a61a0da450fd80c483acfa82de25b84e1dc5fd9d8272b494917d9d200777
            • Instruction Fuzzy Hash: F721BE752416419FCB29DF29CD41B56B7F5FF08708F1484ACA509CBB61E331E842CB94
            Function 01B9A49A Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 907caa78d57b586719a1afc470b5badfb78625762682a058379d37c092512ae4
            • Instruction ID: 549cc66ac6d008b519580ce01c04259864477d1f6ddf13219446e5fe735fa6ae
            • Opcode Fuzzy Hash: 907caa78d57b586719a1afc470b5badfb78625762682a058379d37c092512ae4
            • Instruction Fuzzy Hash: FD110672380A11BFEF266679AC41F277A99DBD4B60F1105B8B718DB290EF70DC028795
            Function 01B60946 Relevance: .1, Instructions: 70COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7517fb4f94eb25264c8a9b8680ce27f08169a7d704d9ad81a0d19ada517f4bb8
            • Instruction ID: 4d7a1e57e6e6257644a579ec9fffffedf691155dcc84855255f14ccf9bd7ef0e
            • Opcode Fuzzy Hash: 7517fb4f94eb25264c8a9b8680ce27f08169a7d704d9ad81a0d19ada517f4bb8
            • Instruction Fuzzy Hash: 91212CB1E41209ABCB24DF9AD9809AEFBF9FF98710F10016FE405A7250DB749941CF50
            Function 01B780A8 Relevance: .1, Instructions: 69COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction ID: 230141207d8475385ad1b5758dbc196f682c1de33247741bd53d7ff83a259dcc
            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
            • Instruction Fuzzy Hash: 31218E72A0020AEFDF129F99DC44BAEBBB9EF48310F214859F924A7251D734D951DB50
            Function 01B10124 Relevance: .1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction ID: 10f786146e4d122992e6993ba29b0787d88146725cd3159c96d7ca9a06201507
            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
            • Instruction Fuzzy Hash: D7110473600605BFDB26AF46DD41F9ABBB8EB84754F1140A9F6048B180D775ED94CB50
            Function 01AE8770 Relevance: .1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4433caa5c689a5e1f6f4d47509ef0dd4e8913da69d22bac3011b66d9dc1f184a
            • Instruction ID: 7b4a19e0dbe4a59ca34306bf458e2aa3af1d716c17c855b5dc5bc07f5c2f8c76
            • Opcode Fuzzy Hash: 4433caa5c689a5e1f6f4d47509ef0dd4e8913da69d22bac3011b66d9dc1f184a
            • Instruction Fuzzy Hash: 4211C1357416119BDB16CF4DC5C4A26BBE9AF4A750B1880ADEE089F205D7B6D901CB90
            Function 01B1AAEE Relevance: .1, Instructions: 68COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
            • Instruction ID: aaeef21db4fd429725a9102de7143aef50e487d7dd5f26aa76407ccf0d7db58c
            • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
            • Instruction Fuzzy Hash: F721AC71601681DFDB399F99C540A26BBE6FB94B10F5289BDEA4AC7614C730EC01CB40
            Function 01AE80E9 Relevance: .1, Instructions: 66COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9f9ae62e97072cf8dc6e977ce21bc7ad1ae0275475d1519d36728ade2fde021f
            • Instruction ID: 40fc0f941c2937e8e6ce5d481f9195ab8d4db45217615f9df949f98e3c327388
            • Opcode Fuzzy Hash: 9f9ae62e97072cf8dc6e977ce21bc7ad1ae0275475d1519d36728ade2fde021f
            • Instruction Fuzzy Hash: D4215875A4020ADFCB14CF98C591AAEBBF5FB88718F24416DD105AB311DB75EE06CB90
            Function 01B1674D Relevance: .1, Instructions: 65COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 38d262539046cd595659c584951c7f59417036ea6be70a980708d5de903405c0
            • Instruction ID: 28b814d250c0a730c0636d73875a34364b415622f23fba709704fa24d84f6ca4
            • Opcode Fuzzy Hash: 38d262539046cd595659c584951c7f59417036ea6be70a980708d5de903405c0
            • Instruction Fuzzy Hash: 56219071600A01EFD7298F68C881F66B7F8FF44350F45886DE9AAC7250EBB0A840CB60
            Function 01B0E8C0 Relevance: .1, Instructions: 63COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c51b4cdead15c5fc0e42f03caff11405b726f9c8d9e48df6f2f7813b0724ccf9
            • Instruction ID: 449d07faefac853560dc08ac6d197682470c4bdf0b5bb8057a3c0122822ec688
            • Opcode Fuzzy Hash: c51b4cdead15c5fc0e42f03caff11405b726f9c8d9e48df6f2f7813b0724ccf9
            • Instruction Fuzzy Hash: E511E5333001149FCF1EDB29CD81A7B7656EFD5370B2589ADE9268B291EB30DC02C690
            Function 01B76870 Relevance: .1, Instructions: 63COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6af5e49f54f92b26497205841b4c87b4f9d446f1ae43e22d18757199eb349ffd
            • Instruction ID: 9f52a678efdeb4c83ec47516aaadf2714ae403af65637e6fd5461aa64d7c4eb5
            • Opcode Fuzzy Hash: 6af5e49f54f92b26497205841b4c87b4f9d446f1ae43e22d18757199eb349ffd
            • Instruction Fuzzy Hash: 6F112332640A05EFEB26CB9DCD40F9A7BA8EF99750F0140A9F221CB250DB70ED01C7A0
            Function 01B166B0 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0eca0208a98e9541545f520a06532d29034adac87f031b5e4b932821202c5814
            • Instruction ID: 2cb2f3cb97ae9875d72de8523c574c174a84e5f8f349d8c4509ab216a575377c
            • Opcode Fuzzy Hash: 0eca0208a98e9541545f520a06532d29034adac87f031b5e4b932821202c5814
            • Instruction Fuzzy Hash: 3D119D76A01205DBCB29CF99C590A5ABBA4EB94710B4240BEED059B319E7B0DD00CB90
            Function 01BAA8E4 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction ID: 466eb754c9c14eb1d0e7ed2a132024157f63bc3e47208961289f89c744a70ab5
            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction Fuzzy Hash: 18110436A00905AFDF1DCB68C805B9DBBB5EF84310F0582A9E84597340E731FD01CB90
            Function 01AE0AD0 Relevance: .1, Instructions: 61COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
            • Instruction ID: 41235c4234d94a3de81e75f7d52d11bb86a052469c5167d12ebad7ba6cab809a
            • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
            • Instruction Fuzzy Hash: 182106B5A00B059FD7A0CF29D540B52BBF4FB48B10F10492EE98AC7B40E371E814CB90
            Function 01B6E7E1 Relevance: .1, Instructions: 59COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction ID: ea52bf20a0f9757bffcae3b2b2ddeb1c42a863da56fa08136ee52429622f8a55
            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
            • Instruction Fuzzy Hash: 7211023A600601EFEB28DF49C844F56BBE9EF61754F0584ACFA089B160EB39DC40CB90
            Function 01B027ED Relevance: .1, Instructions: 58COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 255bcd130216f132e87388afd1085ec58d209d635123ffef114eb3492b04fe56
            • Instruction ID: a016621f2e603cbc53b59ad3f44f5daa16d7ec645b43d1f0c1915bbaf884271b
            • Opcode Fuzzy Hash: 255bcd130216f132e87388afd1085ec58d209d635123ffef114eb3492b04fe56
            • Instruction Fuzzy Hash: C801D676645645ABE71FA26EDC88F276F9CEF50354F0540E5FA018B291DB24DC04D261
            Function 01AE4690 Relevance: .1, Instructions: 57COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 475895bdbb3ce979d583d24b0b160c1d878fe888df04e37dba70bed5c300548a
            • Instruction ID: c42d0ca6a20e00218958e80140b87762abdcfa34b58b7a3ef6fb04dcf90dc795
            • Opcode Fuzzy Hash: 475895bdbb3ce979d583d24b0b160c1d878fe888df04e37dba70bed5c300548a
            • Instruction Fuzzy Hash: 3B110E36284641AFDB25CF59D988F567BECEB8AB64F044119FA04CB741C370E800CFA0
            Function 01BB4B00 Relevance: .1, Instructions: 57COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0576c80069363197aaac956ad80e7c6b48aa5b63187e102bcd8c44ff7ebf5508
            • Instruction ID: ce5560da499b8bd52965ca2e6ffe776fe60e5dfe7fac496896af4cc05a9acf58
            • Opcode Fuzzy Hash: 0576c80069363197aaac956ad80e7c6b48aa5b63187e102bcd8c44ff7ebf5508
            • Instruction Fuzzy Hash: AD11C636200A119FDB3A9A6DD880FB6BBA5FFC4710F154559E747C7A91DB70E802C790
            Function 01B16620 Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 27ee9b4b573fb401dcd5e686abb5584169de18d58252e041bad66958c052d556
            • Instruction ID: c125fb02c042e14d0fd27cd9cfe1ac9f0650e531cd09765ad14ae7e565765d44
            • Opcode Fuzzy Hash: 27ee9b4b573fb401dcd5e686abb5584169de18d58252e041bad66958c052d556
            • Instruction Fuzzy Hash: 3111E976A00716ABDB25DF59C980B9EFBB8FF84740F920898EA00A7208D770ED01CB50
            Function 01B0EA2E Relevance: .1, Instructions: 56COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9224632409de856ba81c689e65e4362dd64cdd041603c0c8e6c5c56ad51ad3a6
            • Instruction ID: d674a5a202624aa06ab7b502409d81376cf9adce5ae846e88ebcab7ab75414f9
            • Opcode Fuzzy Hash: 9224632409de856ba81c689e65e4362dd64cdd041603c0c8e6c5c56ad51ad3a6
            • Instruction Fuzzy Hash: 7B0192716011099FC72EDB19D548F16BBF9EB95314F2585AAE1058B2A0D770DC82CBA4
            Function 01B0E53E Relevance: .1, Instructions: 55COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction ID: 4b313de56c4c9b589b4365e1675a623749ed3e1acc28838cd2ef4600105e2efd
            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
            • Instruction Fuzzy Hash: C11108722016C29FEB2B976CCA54B357BE4FF00748F1948E8EE41976D2F329C842D250
            Function 01B6E75D Relevance: .1, Instructions: 54COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
            • Instruction ID: 65b1e4b33250b1b851e76910cac8759a5d784f865e19441db9a6da05c65fe3f7
            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
            • Instruction Fuzzy Hash: 7301D23A601205AFEB29DF58C904F6A7AADEF60B50F0580A4EA059B260E77DDD40C790
            Function 01ADA250 Relevance: .1, Instructions: 52COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
            • Instruction ID: d84acae0145a528ba0d0ff69f91570d35e49d205e30047b2fa1aaaedaa60fa8d
            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
            • Instruction Fuzzy Hash: 6101F572505F229BCB318F1AD840A767BF5FF55B607048A2DFD9A8B6A1D731D800CBA0
            Function 01BB4940 Relevance: .1, Instructions: 52COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6bb872ab3972dd0acd4d70fc5461ea3491b21a49eda2c66f8bf7c043ae2f67d5
            • Instruction ID: 2629c015fca6eda2de8b5217d372a953b53b622931bd55a15e2178346124a447
            • Opcode Fuzzy Hash: 6bb872ab3972dd0acd4d70fc5461ea3491b21a49eda2c66f8bf7c043ae2f67d5
            • Instruction Fuzzy Hash: 3A0126324412019FC736DF1CC984FA6B7A8FB81370B1542A9EAEA9B593D770D801C7C0
            Function 01B5E1D0 Relevance: .1, Instructions: 51COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 31c79a18dcaf5f0d5cb8c29642faf0f238fee395fcb544770a77416a13c06b83
            • Instruction ID: 70e19c9d2e34a0313670990e2d48d2639e7325e6cd3c9ed378d6da0076be6715
            • Opcode Fuzzy Hash: 31c79a18dcaf5f0d5cb8c29642faf0f238fee395fcb544770a77416a13c06b83
            • Instruction Fuzzy Hash: 60118E31241241EFDB1AAF19C990F16BBB8FF58B94F1000A5E9059B661C735ED01CA90
            Function 01AE6259 Relevance: .1, Instructions: 51COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 459cd5170f983b8d58b04aebfec21ae2812008b0298b03f38c5f91fe787afa53
            • Instruction ID: de85472ddd26be8354ddfd7d1f2f524786375c10e81e26d5e4b52df45324c328
            • Opcode Fuzzy Hash: 459cd5170f983b8d58b04aebfec21ae2812008b0298b03f38c5f91fe787afa53
            • Instruction Fuzzy Hash: 44115A70941229ABDF29AB64CD56FE9B3B4BF18710F5045D4E318E60E0DB709E89CF84
            Function 01AE208A Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
            • Instruction ID: c2943ec9c3f5e30640cc9e896f93dd3eff229c7a176218f15d6cc153cf11b33f
            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
            • Instruction Fuzzy Hash: DB0128326001008BDF199A5DD884BA27BABFFC4710F5944AAED058F286DB71CC81C390
            Function 01B66050 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 744fa0d9697fa3b3745cb3ae88659027d8aedc590b41677940d4f850435c1441
            • Instruction ID: 2d3d1522ca7194f30cf56463f94a76954c2252c533f855444b4fe9eede00e539
            • Opcode Fuzzy Hash: 744fa0d9697fa3b3745cb3ae88659027d8aedc590b41677940d4f850435c1441
            • Instruction Fuzzy Hash: B2111772900019ABCB15DB94CC80EDFBBBCEF58354F044166E916E7211EB34AA15CBA0
            Function 01B76500 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9b90313d76373359c0ed076b964cd98509adc53535aa6288c4a6bb70e3306cf4
            • Instruction ID: e3a4c8ad08b58bbcfe1951849c115458dce31c0ae428007ad3d0eeca0912e157
            • Opcode Fuzzy Hash: 9b90313d76373359c0ed076b964cd98509adc53535aa6288c4a6bb70e3306cf4
            • Instruction Fuzzy Hash: 1611043260054A9FE319CF58D810BA2BBB9FB5A304F088199E859CB315D732EC80DBA0
            Function 01B6C810 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 016b532568a0762c3c1f12b2c991d4d40bfb36ef3e369a37e7e75221978eb21c
            • Instruction ID: 4ce4a40e962e771823f270ffd2cabb73e6086f0c0f94dfb3867fcfef604f4615
            • Opcode Fuzzy Hash: 016b532568a0762c3c1f12b2c991d4d40bfb36ef3e369a37e7e75221978eb21c
            • Instruction Fuzzy Hash: F811ECB1E002199BCB14DF99D541AAEBBF8FF58350F10406AF905E7351D778EA01CBA4
            Function 01B8EA60 Relevance: .0, Instructions: 50COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 306705bb0c0ae4416847633aa23fb02db6785bb2f8b71737c60624f38bbb3b67
            • Instruction ID: 07382da79af5409c5aea389f8a9724b72a68700cac57439935ea1c217cd4baff
            • Opcode Fuzzy Hash: 306705bb0c0ae4416847633aa23fb02db6785bb2f8b71737c60624f38bbb3b67
            • Instruction Fuzzy Hash: 1B01B1321402119BCB3ABB29C544E36FBA9FF51F50B0544AEF6555B211CB30DC41CB91
            Function 01B220F0 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b38a7ed3b6795b9d5a303e638e23a26e2917f5f4e7e592ea448514b55ee76383
            • Instruction ID: 0a67803a7cfa30ace903d34b18f525fafbf13e23e0f3b5d0a28e3c7faaf08ff9
            • Opcode Fuzzy Hash: b38a7ed3b6795b9d5a303e638e23a26e2917f5f4e7e592ea448514b55ee76383
            • Instruction Fuzzy Hash: 9411AD35A0020DAFCF09DFA5C850FAE7BB5EB45340F104098FA059B290DB34AE05CB90
            Function 01ADC020 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
            • Instruction ID: 9d705a8255e7e5addc583a8884246d1d403673c7841a3cacd03f407f09acc192
            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
            • Instruction Fuzzy Hash: 7601D832100B059FEF26A6A9C940EA777FDFFC5260F85885DAA468B584DF70E402C750
            Function 01B1E5CF Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 87f847155b3c5c98c869b0bf415a89cffd3fc8202ef4da8eecaea0c7df5bf0dc
            • Instruction ID: c66556619472c033e78207e89386dee3d554ed3ca4e04c4d268a5dd1fd980f1f
            • Opcode Fuzzy Hash: 87f847155b3c5c98c869b0bf415a89cffd3fc8202ef4da8eecaea0c7df5bf0dc
            • Instruction Fuzzy Hash: 2901F771200502BFC715ABB9CE40F13BBACFF54794701067AB60583551DB75EC01C6E0
            Function 01B769C0 Relevance: .0, Instructions: 49COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4eb1faf124666d82f685c9c69514dc5c2fa6137e668a6d72277e1c8899a8b8fe
            • Instruction ID: 50e36c73f4a97d2d0a68615cbcd44dd8936dc3773beb6fc0eff528f5a9b0d4c1
            • Opcode Fuzzy Hash: 4eb1faf124666d82f685c9c69514dc5c2fa6137e668a6d72277e1c8899a8b8fe
            • Instruction Fuzzy Hash: BC014C322146169FD728EF6DC888EA7BBA8FF98720F114269F968871C0E7309905C7D1
            Function 01B6C460 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f96b43370351ccdd5e2d049d068fba16e884d2fc38737d7a1a03149004b44672
            • Instruction ID: 236ff51f40ceb2db74d02a0e6620ea3958153034e72c198faee585b666df2d59
            • Opcode Fuzzy Hash: f96b43370351ccdd5e2d049d068fba16e884d2fc38737d7a1a03149004b44672
            • Instruction Fuzzy Hash: 88115B71A01209ABDF19EFA8C844EAE7FB9EB58350F004099F94197390DB39E911CB90
            Function 01B6C97C Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9acd088ae9893eff213272314a61b9f774ebe46bb6c1234a38c458d5b3990553
            • Instruction ID: 9ac1095204188cdf4678cf610b074de539d672cc51e04e4e2f10100a59b02a3c
            • Opcode Fuzzy Hash: 9acd088ae9893eff213272314a61b9f774ebe46bb6c1234a38c458d5b3990553
            • Instruction Fuzzy Hash: FD1157B16083089FC704DF69C441A5BBBE8EF98310F00895EFA98D7390E734E900CBA2
            Function 01BB4A80 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
            • Instruction ID: 9e1902380597fff8852238894f2b115bc75743868cefc874451f1a85a60ddbf4
            • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
            • Instruction Fuzzy Hash: 2401B5322006019FDB299A99D884EE6BBEAFBC5310F044899E643CBA91DBB0F840C754
            Function 01B6CA11 Relevance: .0, Instructions: 48COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a6e9c6c11c5b12c7d25ac46d0831d3269f3bd366b7c8723437c43b9f0d5c8828
            • Instruction ID: e025503b2531d993597c7c3f3a59366cf61499d1e2b47fb8357630569ac34877
            • Opcode Fuzzy Hash: a6e9c6c11c5b12c7d25ac46d0831d3269f3bd366b7c8723437c43b9f0d5c8828
            • Instruction Fuzzy Hash: 091157B16083089FC704DF69C541A4BBBE8EF99350F00895EF998D73A4E734E900CBA2
            Function 01AFE016 Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
            • Instruction ID: cc572c8521323cfe0e5221ff4800087db9d51ced14cfffe14177916579bb8c15
            • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
            • Instruction Fuzzy Hash: 7B018F722405809FE32A975DC988F267BEDEF84764F0E04A5FA05CB6A1D778DC40C625
            Function 01AD826B Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 588d5e3333324576ec7ed63adca5896167181c507a7c27a92aa359e390269559
            • Instruction ID: cdcc11e8c6fd1d15cce50fd8cdeac83243163f857aba94504466b51c117c1e02
            • Opcode Fuzzy Hash: 588d5e3333324576ec7ed63adca5896167181c507a7c27a92aa359e390269559
            • Instruction Fuzzy Hash: 0A01D472B00905EBCB18EB69DD549AE77B8EF90220B094069DA02A7655EF34E901C691
            Function 01B8EB50 Relevance: .0, Instructions: 46COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 6b4291bf5593e1f3720c3409667d93b320b3d6182d152c5ee09550111f38c5c0
            • Instruction ID: dc09772c308a0c65a16aeaa1f17efb0ae7a0327f0b1311055347077dcdcdcb94
            • Opcode Fuzzy Hash: 6b4291bf5593e1f3720c3409667d93b320b3d6182d152c5ee09550111f38c5c0
            • Instruction Fuzzy Hash: 45018FB1281601AFD3396B59D940F06BAA8EF55F90F01446EF30ADB3A1E7B0D840CB58
            Function 01AE2582 Relevance: .0, Instructions: 45COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 07af056102afc82da31d44bb6ec5465ebf29dc0bf452af2ceb8ee2ea758cb02a
            • Instruction ID: 840b103014e46a9bc06a51c81addfc5a56408e5f50da002c7698430bf4bcd80b
            • Opcode Fuzzy Hash: 07af056102afc82da31d44bb6ec5465ebf29dc0bf452af2ceb8ee2ea758cb02a
            • Instruction Fuzzy Hash: 0AF0D632A41A11A7C7319B5A8E44F177AEDEB84B90F154429F60597600C634DD01C6B0
            Function 01B0C073 Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
            • Instruction ID: 69c89d7f369dbae61590d4578e4bab56ca8d81dbd5447baa574f5e5bf733d644
            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
            • Instruction Fuzzy Hash: 1AF0C2B2A00625ABD329CF4DDC40E57FBEADBD5A80F048169E619C7220EB31ED04CB90
            Function 01ADC310 Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
            • Instruction ID: bc80126ccf38b76f51ffe7e977830b8ad9761e8f0744e0647e2c6db472bd4832
            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
            • Instruction Fuzzy Hash: 89F0FC73244E239BD73217694940B6BE5A58FD5A74F5A003DF2079B24CCE608D02D6D0
            Function 01BB634F Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: af0ffe24988b4aa39430502fb2228a97dbad61ac1354ba65497ba62b402f268e
            • Instruction ID: d984204136c1f3c7b428793fd69a9962443a757b8fed55652e442f8a69c3000c
            • Opcode Fuzzy Hash: af0ffe24988b4aa39430502fb2228a97dbad61ac1354ba65497ba62b402f268e
            • Instruction Fuzzy Hash: 0F012C71A11219ABDB04DFA9D591AAEBBF8FF58314F10406AF904E7390D7789A01CBA0
            Function 01BB62D6 Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a84d0013ddf45e5f1091c07a4874eb1b36e6e6e1ede93862d2e365daefff9480
            • Instruction ID: efe8dc9bd92ca35239965328a1b6955027673b2ec425fd648112eeda9aed00bf
            • Opcode Fuzzy Hash: a84d0013ddf45e5f1091c07a4874eb1b36e6e6e1ede93862d2e365daefff9480
            • Instruction Fuzzy Hash: C3017171A01209ABCB04DFA9D581AAEBBF8EF58300F50405AF904E7390D774DD048BA0
            Function 01BB625D Relevance: .0, Instructions: 43COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 88dcfa05b943ad71bfeebb0374bcbd3b9c19c775fb5038ebbae913ca2768206f
            • Instruction ID: 8d118c67c54c6f85da57b11c7206291301aec00021eb2c1c869879855395caf7
            • Opcode Fuzzy Hash: 88dcfa05b943ad71bfeebb0374bcbd3b9c19c775fb5038ebbae913ca2768206f
            • Instruction Fuzzy Hash: 66012171A10219ABDB04DFA9D591AAEB7F8EF58314F10405AF904E7351D7749D01CBA0
            Function 01B1CA6F Relevance: .0, Instructions: 42COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
            • Instruction ID: 9991114028b0669433bdec599e927c34d1f73df062b0a5f474776b29b3ea444f
            • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
            • Instruction Fuzzy Hash: 2801F4322406859BD72B975EC805F59BF98EF51750F0984E5FE448B6A9D778C800C650
            Function 01BB61E5 Relevance: .0, Instructions: 41COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 17a6c390daadbeaf5ba6ccf3c338c9e5853b9f7de51c1a326f4097115aa9ee4c
            • Instruction ID: dbd7f3d22d5d6619948cf6d648de71af8e90027f41e8a6f64dd4e235f911ba99
            • Opcode Fuzzy Hash: 17a6c390daadbeaf5ba6ccf3c338c9e5853b9f7de51c1a326f4097115aa9ee4c
            • Instruction Fuzzy Hash: B6018F71A002599FDF04DFA9D541AEEBBF8FF58310F14409AF504A7280D778EA01CBA4
            Function 01B663C0 Relevance: .0, Instructions: 41COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
            • Instruction ID: e337c01935e65389d97f2d2af47fe1b76c7929716f03bc320aceb4fd18784fdc
            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
            • Instruction Fuzzy Hash: 10F0497220001EBFEF029F94DD80DAF7B7EEB68398B104164BA0092060D735DE21ABA0
            Function 01B6A4B0 Relevance: .0, Instructions: 40COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: efd618f2bb7db3acc1f236ccab2aff62e125a2a216a39d84885af9ce2be2b0e5
            • Instruction ID: 144d1e292c6a03f4fdee568218bb2901a49582285665182b30b949f6f0ba759c
            • Opcode Fuzzy Hash: efd618f2bb7db3acc1f236ccab2aff62e125a2a216a39d84885af9ce2be2b0e5
            • Instruction Fuzzy Hash: 3C019A36111119ABCF169F94DC50EDE7F6AFB5C754F058141FE1866220C336D970EB81
            Function 01ADC0F0 Relevance: .0, Instructions: 39COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1e84afa59dd01a4c84da0d9cd63bcd2f4c056c8d43e4f4a2ebe9fbca5497397b
            • Instruction ID: ac5da0b9e7525e5390047da005600bcb7e7e9d326a2da62620108b63414a2500
            • Opcode Fuzzy Hash: 1e84afa59dd01a4c84da0d9cd63bcd2f4c056c8d43e4f4a2ebe9fbca5497397b
            • Instruction Fuzzy Hash: 65F0BB712047A15BF71497799C41B6236A9E7D0761FA5806EF7068B2C5FA71DC01C3A4
            Function 01B1656A Relevance: .0, Instructions: 39COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 47524450791fd86a9b85c1290716a24b3dab48b6f4f9893ab06e01ea014b1342
            • Instruction ID: 42d6629cba1e7ecf6a80e03c8c7c784d41589c573ab29db322bab10f3f6bc00c
            • Opcode Fuzzy Hash: 47524450791fd86a9b85c1290716a24b3dab48b6f4f9893ab06e01ea014b1342
            • Instruction Fuzzy Hash: 1101A4702016859BE77E976CCD48F2537A8FB40B44F9946E4FA01CB6EEE768D441C210
            Function 01B8437C Relevance: .0, Instructions: 37COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
            • Instruction ID: 548932b885854f1bc4acd18d4a9d0aac89612396436769851f63d48ede0ff239
            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
            • Instruction Fuzzy Hash: C7F02736341E1357EF3EBA2E94A0B2FBA95EFA0E40B0506BC9611CB680DF20DC01C780
            Function 01B6C89D Relevance: .0, Instructions: 36COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1ba9345c7d1ea10b5a41340feda76efa71d196811dabebdd8d8659fcdde2bdd2
            • Instruction ID: eabb6cb2c2b6dd7794158b3d4869ae1391117a24ce8a8c2355f464401ca85622
            • Opcode Fuzzy Hash: 1ba9345c7d1ea10b5a41340feda76efa71d196811dabebdd8d8659fcdde2bdd2
            • Instruction Fuzzy Hash: D2F081706053049FC714EF68C541A1ABBE4EF98710F40465AB898DB390E738E900C756
            Function 01B6E872 Relevance: .0, Instructions: 36COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
            • Instruction ID: bcacd4a546044c03f1682eaa29b315c83ec32b4fd7fa697faeaccca99b3067f1
            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
            • Instruction Fuzzy Hash: FAF089377115129BD735DA4DCC80F16B76CEFE5A60F1A01A9B6049B260C764EC02C7D0
            Function 01B10854 Relevance: .0, Instructions: 35COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
            • Instruction ID: 0279bd377ad6b69c0e8842badcba078f2b5161aca5e6a2a23a537c8640a80564
            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
            • Instruction Fuzzy Hash: D7F02472600200EFE718EF21CD00F46B6E9EF9C344F1580B8A945C7164FBB0DD40D654
            Function 01B6C912 Relevance: .0, Instructions: 34COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 46a2ae226169111a67fe6de1c6d99aa3c08c605e6b46286ae6ce9f550b267a22
            • Instruction ID: f386bedc9b99f72a8cc1f5eb658c6024654908074cbccda29950d7f73aa9d023
            • Opcode Fuzzy Hash: 46a2ae226169111a67fe6de1c6d99aa3c08c605e6b46286ae6ce9f550b267a22
            • Instruction Fuzzy Hash: 6DF04F70A012499FCB08EFA9C555A5EBBB4EF18300F408099F959EB395DB38EA05CB60
            Function 01AE47FB Relevance: .0, Instructions: 33COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7272b6e28bbb83b32f2cbf40e7e6013a5e42f54b1a1594f01339bf10f2f761bc
            • Instruction ID: 311c9ef8220300136e4e9192f52b7d3a9e20810ca408bc18f9245cd77478de11
            • Opcode Fuzzy Hash: 7272b6e28bbb83b32f2cbf40e7e6013a5e42f54b1a1594f01339bf10f2f761bc
            • Instruction Fuzzy Hash: 4AF0E2319167E19FE733DBACC15CB61BBDC9B08630F09896AD589C7503C774D880C650
            Function 01BA0115 Relevance: .0, Instructions: 32COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 601ad329de903a26bd3885c98e0b62f4015ce6edcaddf396de4ecec3d53deff2
            • Instruction ID: 16841425d3ceae970e51d9407c3180b917d40dfd2d182b8731296c9128634e4c
            • Opcode Fuzzy Hash: 601ad329de903a26bd3885c98e0b62f4015ce6edcaddf396de4ecec3d53deff2
            • Instruction Fuzzy Hash: C9F0276681F6C006CF3E7B2D68A03D12F64E755214F5910D9F5A157206D778A483C720
            Function 01B1C5ED Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5f5aa03b82980562143ceb4e551151a5bf2a0aa775c56b671ca82e33b1b47b1d
            • Instruction ID: e46be34c8dc4720b3d279615165e59053d31d2963c12a6b66a617a77883fd2fb
            • Opcode Fuzzy Hash: 5f5aa03b82980562143ceb4e551151a5bf2a0aa775c56b671ca82e33b1b47b1d
            • Instruction Fuzzy Hash: 2AF05271481280DFE32A8B1CC148B657FE8EB407A0F8ABDE5F40A83907C370E880CA40
            Function 01B22619 Relevance: .0, Instructions: 31COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction ID: c41d700b6f5eacbff923ae00b0b09be4fd7ddb732bf33b4cb6ddbc6636b40498
            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction Fuzzy Hash: 86E092727006112BE7269E598D80F577B6EDF96B10F0400B9B6089E251CAE69C1D82A4
            Function 01B76030 Relevance: .0, Instructions: 29COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction ID: 9296cc90b9998332236e671f568e50b443a2ff323d015d2f8697a9c67d5fe83d
            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction Fuzzy Hash: D9F0E5B2100604DFF32A8F09D980F52BBF8EB19364F01C069E6199B560D339EC40CBA0
            Function 01AE0710 Relevance: .0, Instructions: 28COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction ID: 26cfe281f1b083494f645547d10b81ad66038e29bb35a6ec515933cb7a39d8fb
            • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction Fuzzy Hash: 93F0E539304741DBDB1ACF19C150A957BE4FB41350B040095F8428B351E775E982CB50
            Function 01B149D0 Relevance: .0, Instructions: 28COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction ID: a0d3149b34a1439763332e630400d274febe683a84833c576985ca3287ee924b
            • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction Fuzzy Hash: 6EE0D833264245ABD7251E59C800B667BA5DBD07E0F970469E200CB154DB70DC40C7D8
            Function 01BB4164 Relevance: .0, Instructions: 27COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7d428030977199bb9f71b8459a8be09b9a1599c0697ecec1fdcc3e06a5a7a6d8
            • Instruction ID: 03d94a3df5cbda210b615b2d98f36484b64c922b1f01458d5999e0d4068c88b6
            • Opcode Fuzzy Hash: 7d428030977199bb9f71b8459a8be09b9a1599c0697ecec1fdcc3e06a5a7a6d8
            • Instruction Fuzzy Hash: 75F03031E265918FE76AD72DE6D4BA57BE4FB10620F1A05D4D40687D13C7A4DC41C650
            Function 01B8678E Relevance: .0, Instructions: 27COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction ID: e3ed706ee125b40d3470e43fd365cf25106c4088e83ec918fd7f7f7071fab3c1
            • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction Fuzzy Hash: ECE0DF72A00110BBDF25A799CE01F9ABFACDB90FA0F050094BA00E70D0E630DE00C6D0
            Function 01BB08C0 Relevance: .0, Instructions: 25COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction ID: d8e2a20c4b7989fc9b0ceeb59e5a9f3540096758e0d13f6f4b387270404c39a4
            • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction Fuzzy Hash: 6EE09B316403508FCB299A1DD580AF3B7F8DF95660F1584F9E90547A12C3B1F942C6D0
            Function 01AE25E0 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dd028612f2b5edbe9e6b546fbd2e55f2f72dc9fdaa65482c30d7630870111073
            • Instruction ID: 5dbd124247dc74dcaf8395af7cdc9087d9a932f6ccf022cce7dc7c5f432381c7
            • Opcode Fuzzy Hash: dd028612f2b5edbe9e6b546fbd2e55f2f72dc9fdaa65482c30d7630870111073
            • Instruction Fuzzy Hash: 50E092321005559BC725BF29DE15F9A77DAEF64360F014519F11597190CB30A810C784
            Function 01B9A456 Relevance: .0, Instructions: 23COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction ID: 4205c630fad2103b89975ae8a8db4ab13a1c643515fe62193dd0a479692d0b1c
            • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction Fuzzy Hash: 72E09231010612DFEF3A6F2AC90CB52BAE0FF50711F158CADE19A025B0C774D8C2CA40
            Function 01B64000 Relevance: .0, Instructions: 22COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction ID: 9fe438e003ff746bcef5c9ca07068d03c97bb7649be606f65b827d11e88e904b
            • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction Fuzzy Hash: A0E0C9343007158FE715CF19C040B527BBAFFD9610F28C0A8A9488F305EB36E842CB40
            Function 01B1CA38 Relevance: .0, Instructions: 22COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d40275464a1f1341fdcc45f0f24e3ba9f10ff54a957516d738ee02ad7e86b0b2
            • Instruction ID: e92ee685946640f2d6d126da5db7cecc9c0d22f9df9fe5eefa76f6604a9052f9
            • Opcode Fuzzy Hash: d40275464a1f1341fdcc45f0f24e3ba9f10ff54a957516d738ee02ad7e86b0b2
            • Instruction Fuzzy Hash: ECD0C2334D10206ACB2FF558BC04F932E599B51260F0248A0F10892028D714CC8186C4
            Function 01AD823B Relevance: .0, Instructions: 21COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction ID: cdac3c71c6dcfaa2af7ea06ccfcc104156ccc11fcfa6ae97be3513e8c52c6bff
            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction Fuzzy Hash: E9E0C231100E21EFDF362F19DD14F6176B5FFA8F10F1548A9F196460A48778AC96CB44
            Function 01AE2050 Relevance: .0, Instructions: 20COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1590af53eb9c5c3e95a656ed35e3a6c1c57c6501de0c3ed1f84b434fee75f441
            • Instruction ID: 2e28fd7f384f060ca54aedc225f4a5f7a73e5423de364e1207906f4ccba7030c
            • Opcode Fuzzy Hash: 1590af53eb9c5c3e95a656ed35e3a6c1c57c6501de0c3ed1f84b434fee75f441
            • Instruction Fuzzy Hash: D7E08C321004516BC711FE5DDE10F9A739EEFA4360F010225F15097290CA20AC01C794
            Function 01B18A90 Relevance: .0, Instructions: 20COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
            • Instruction ID: f20e1639814196298a1db3f02e05c5fb769a88e4d37baab6eabc38e778d79ac9
            • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
            • Instruction Fuzzy Hash: 94E08633121A1487C728DE18D511B7277A4FF45720F09463EA61347794C634E544C794
            Function 01B36AA4 Relevance: .0, Instructions: 17COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction ID: a9eceef4d0659828efff3949b6fc82d6fea9530723464cca590da65e777c10b9
            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction Fuzzy Hash: B9D05E36511A50AFC7329F1BEA00D13BBF9FFC4B10706066EA54583920C770A806CBA0
            Function 01B1E59C Relevance: .0, Instructions: 16COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction ID: 18f9cb9f5076bd2ed587a6dacfdab47b59e5910062ae7b0460ffd55684e4d9fc
            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction Fuzzy Hash: CBD0A932204620ABDB72AB1CFC00FD333E8BB88760F060499B008C7050C361AC82CA84
            Function 01B5E908 Relevance: .0, Instructions: 16COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
            • Instruction ID: ac7246b0fdd69ff560d0936e24aaca5f9d15e99a1ffb59d24bb133be7a99f776
            • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
            • Instruction Fuzzy Hash: 9EE0EC359506859BDF56DF99C644F5AFBF5FB94B40F150058A5085B660C734E901CB40
            Function 01ADA0E3 Relevance: .0, Instructions: 15COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction ID: a323a3022e7a64fd5bda12fe474dd10cf2a77b13550d3d0adb4ae97860c2632b
            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction Fuzzy Hash: 88D0223331243193CF2897A56910F636915AF80AA0F0A002C350B93800C0148C43C2E0
            Function 01B1A830 Relevance: .0, Instructions: 14COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction ID: 75ad4e7034e63ae7e7ec30ce6d1f32ba7529f9d3904e1862809589c3571f4e31
            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction Fuzzy Hash: CDD012371D054DBBCF119FA6DD01FA57BA9EB64BA0F454020B604875A0C63AE951D584
            Function 01B1CA24 Relevance: .0, Instructions: 14COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4b4511ae7d94b5488866ef969839592947e6a1a12969ae27697a7416f92e6693
            • Instruction ID: 647c50e251389127a88e2ac1fec2aacd34c7e4a179727953f0775afe445a9e54
            • Opcode Fuzzy Hash: 4b4511ae7d94b5488866ef969839592947e6a1a12969ae27697a7416f92e6693
            • Instruction Fuzzy Hash: 43D09E355555029BDF5FDF59C621A6A7E74EB14640B8110ACEB4152524E325D901C650
            Function 01AF02A0 Relevance: .0, Instructions: 13COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction ID: c60ed7d92795584dcbaaf682f870192f517cb3dd0177e9e680c1faac12410ef4
            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction Fuzzy Hash: A0D09239252A80CFD61A8B4CC6A4B1533A4BB44A44F854494F641CBB22D638D940CA10
            Function 01B1C700 Relevance: .0, Instructions: 12COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction ID: 2de5b537c9e3abf4fabdc13b158c240194c475c2370730ffed39887106dae2f2
            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction Fuzzy Hash: 59C01232290648AFCB12AA99CE01F127BA9EBA8B40F010021F3048B670C631E821EA84
            Function 01B00310 Relevance: .0, Instructions: 11COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction ID: 726574f84acd22a64d3bcb5d4410dbd651f15edbe4f03f5a348446c863eba943
            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction Fuzzy Hash: 57D01236100249EFCB06EF41C890E9A7B2AFBD8750F108019FD1907650CA31ED62DA50
            Function 01AE0750 Relevance: .0, Instructions: 9COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction ID: a8ca34ec4e48b8031a62802e8193c131e128f839b359de876db1a1e488fc3fde
            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction Fuzzy Hash: A3C04879701A428FCF1ADB6ED394F4977E4FB84740F1548D0E905CBB22E724E815CA10
            Function 01B24340 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c3705e093edce5f02934e8ade71f1748d89195ab7789a812254652ccc450154f
            • Instruction ID: 7b4d74e163d5370df2ea3d0e2e85c76195f2ecdfd2fd6e09df3b2a48111a44c5
            • Opcode Fuzzy Hash: c3705e093edce5f02934e8ade71f1748d89195ab7789a812254652ccc450154f
            • Instruction Fuzzy Hash: C0900232605800129144715848845465015A7E0301B55C151F0428555CCB148A676362
            Function 01B24650 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a61d491679b23a549fd40e0bd2e784c7a2170665ef5f0611afe57867b1740f31
            • Instruction ID: 3783bb963329ad022093bb3b3dfaf696459a2f33ab0617720b8769bc9465b88f
            • Opcode Fuzzy Hash: a61d491679b23a549fd40e0bd2e784c7a2170665ef5f0611afe57867b1740f31
            • Instruction Fuzzy Hash: 56900262601500424144715848044067015A7E1301395C255B0558561CC7188966A36A
            Function 01B22BA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3674dcf7059f4342ab0ed4d2001efc72c3e5a99abb42071dacf3fb0cad4161da
            • Instruction ID: 7cab49cc178c4daf4d8d1e68500ffe051aa5bc7cee8bea01e3585c70b3d5e89a
            • Opcode Fuzzy Hash: 3674dcf7059f4342ab0ed4d2001efc72c3e5a99abb42071dacf3fb0cad4161da
            • Instruction Fuzzy Hash: DF90023260540802D15471584414746101597D0301F55C151B0028655DC7558B6677A2
            Function 01B22B80 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: febb8b7005ef4d1ff9db8b1528f538038e7cfd6cc9eb4ceb4f6281083a1528d4
            • Instruction ID: ae15c1b00738f68ae3eb0fb400534d51dd6add4b045ffac70bc454a047516889
            • Opcode Fuzzy Hash: febb8b7005ef4d1ff9db8b1528f538038e7cfd6cc9eb4ceb4f6281083a1528d4
            • Instruction Fuzzy Hash: BA90023220140802D10871584804686101597D0301F55C151B6028656ED76589A27232
            Function 01B22BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b76976d3ce4612a06b6e9d8ac1cf0df28f459edd168f385bc17b0e50e4f95766
            • Instruction ID: 257dbfdf85e1eb482b2b768379b7c75ebd4fe63f2a6d67d491b2e9f51d2c0b4d
            • Opcode Fuzzy Hash: b76976d3ce4612a06b6e9d8ac1cf0df28f459edd168f385bc17b0e50e4f95766
            • Instruction Fuzzy Hash: 8390023220140802D1847158440464A101597D1301F95C155B0029655DCB158B6A77A2
            Function 01B22BE0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3ae1e17ca08da4917edf4de8c6680841429db911782c11874c57729e6d75736d
            • Instruction ID: 68a61cad6cc2be31634c0251cf29fb481964a9c44b12a37f868c11a4033a66ad
            • Opcode Fuzzy Hash: 3ae1e17ca08da4917edf4de8c6680841429db911782c11874c57729e6d75736d
            • Instruction Fuzzy Hash: B190023220544842D14471584404A46102597D0305F55C151B0068695DD7258E66B762
            Function 01B22B60 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d8d6a4513d9b5fc0cb23a6e12514108d8d06b5748bb4458c2f864007260b2a43
            • Instruction ID: 1b2e525ce30c3e24dab0411ffe9601b8b3d5bc7b595e578cf77d646bca2dcc70
            • Opcode Fuzzy Hash: d8d6a4513d9b5fc0cb23a6e12514108d8d06b5748bb4458c2f864007260b2a43
            • Instruction Fuzzy Hash: 9E90026220240003410971584414616501A97E0201B55C161F1018591DC62589A27226
            Function 01B22AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1a2bb71d2b42786b79d1896e85aadca6138be0794abc67bb5c529e8bc88535a5
            • Instruction ID: ab0c396edef160062031b83d0aef71773f061851786ca46742e43e789e8ba9e4
            • Opcode Fuzzy Hash: 1a2bb71d2b42786b79d1896e85aadca6138be0794abc67bb5c529e8bc88535a5
            • Instruction Fuzzy Hash: C69002A2201540924504B2588404B0A551597E0201B55C156F1058561CC6258962A236
            Function 01B22AF0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e2a1702e3b03c411466c7d6f583894a845279df34611a19726a3deda0f71c47d
            • Instruction ID: c09abb72dbb526cd5fcaec38efc6c5f4c47fcadba18f29b5c16c1ba51948eedf
            • Opcode Fuzzy Hash: e2a1702e3b03c411466c7d6f583894a845279df34611a19726a3deda0f71c47d
            • Instruction Fuzzy Hash: 98900226221400020149B558060450B1455A7D6351395C155F141A591CC72189766322
            Function 01B22AD0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c8c5f92ba301a3bbaabef44d53b69d1b7a3b1df0001916bb01789c76b6a09835
            • Instruction ID: 8cde42b290d0b9e466960bfddf279894068fe0eb16ef5976ea013592dcc6cb71
            • Opcode Fuzzy Hash: c8c5f92ba301a3bbaabef44d53b69d1b7a3b1df0001916bb01789c76b6a09835
            • Instruction Fuzzy Hash: 90900226211400030109B5580704507105697D5351355C161F1019551CD72189726222
            Function 01B22DB0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dda2a3cb4224365976f6a96718b35ef20ca7ea2a9d9b830f61843a1ae23ea922
            • Instruction ID: a6e57af2dab9b416fdfc926709d7f6f6b2919a19041999834bfdee34047bcc43
            • Opcode Fuzzy Hash: dda2a3cb4224365976f6a96718b35ef20ca7ea2a9d9b830f61843a1ae23ea922
            • Instruction Fuzzy Hash: D890023224140402D145715844046061019A7D0241F95C152B0428555EC7558B67BB62
            Function 01B22DD0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8f6afed30b8157ff53466fb7819c261c3e7850cb31e518f061185887b16aba2a
            • Instruction ID: 7a387981486ca004323d27f1b3a043265035161e0e9fc238b79bffe150008915
            • Opcode Fuzzy Hash: 8f6afed30b8157ff53466fb7819c261c3e7850cb31e518f061185887b16aba2a
            • Instruction Fuzzy Hash: 9E900222242441525549B15844045075016A7E0241795C152B1418951CC6269967E722
            Function 01B22D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1cf1cc0231fb82f3e45e2dbc4db827c03f64462aba2bec71118e517100d94cd3
            • Instruction ID: 063b0106fd09d98f45d2cff11a7c8803ef9b3acbab63100976083703154fa6d9
            • Opcode Fuzzy Hash: 1cf1cc0231fb82f3e45e2dbc4db827c03f64462aba2bec71118e517100d94cd3
            • Instruction Fuzzy Hash: 2590022230140003D144715854186065015E7E1301F55D151F0418555CDA1589676323
            Function 01B22D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7a3ea220c683c070dac3a3f8544d8a6722b2fb3c632e507ad9c57a9810e5916e
            • Instruction ID: 5a956ae79e00559c977fa86ac2f7b1ec04a493a0ea5ec8a7948071735c628c8b
            • Opcode Fuzzy Hash: 7a3ea220c683c070dac3a3f8544d8a6722b2fb3c632e507ad9c57a9810e5916e
            • Instruction Fuzzy Hash: A790022A21340002D1847158540860A101597D1202F95D555B0019559CCA15897A6322
            Function 01B22D00 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b4fc8b0049ec486acad7e61f1d0872f586781c4ed9b08cfbca527ec10fb6a686
            • Instruction ID: 15213bac18cfaba1dfef19fe812858d7b4cedf88806b81f1df14a26f09070782
            • Opcode Fuzzy Hash: b4fc8b0049ec486acad7e61f1d0872f586781c4ed9b08cfbca527ec10fb6a686
            • Instruction Fuzzy Hash: 4890022220544442D10475585408A06101597D0205F55D151B1068596DC7358962B232
            Function 01B22CA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f637832e37081462095fc4c313cb28619f1187156b4f27c4eb03fc34417066b8
            • Instruction ID: bdeb541d65563dbf3843d561823a0d03db04d17ae08eae926b0fd652d3f4c629
            • Opcode Fuzzy Hash: f637832e37081462095fc4c313cb28619f1187156b4f27c4eb03fc34417066b8
            • Instruction Fuzzy Hash: 3790023220140402D10475985408646101597E0301F55D151B5028556EC76589A27232
            Function 01B22CF0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cfb7ab845b35aab08d8b9b9ce47338d1b6aa5f8f4cde962ea150796324d964a9
            • Instruction ID: f7b9ab3e70c8b7a60a17e675df2b06a5eaeee4cc6f91a1e52aa7923af12f5dfb
            • Opcode Fuzzy Hash: cfb7ab845b35aab08d8b9b9ce47338d1b6aa5f8f4cde962ea150796324d964a9
            • Instruction Fuzzy Hash: 0790023220140403D10471585508707101597D0201F55D551B0428559DD75689627222
            Function 01B22CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 442af0a9fd6463e0d2bb60bb414f49993d0414ac600bde3deb397f0cefa08873
            • Instruction ID: 1072b6ece04fdfaeb377232ae08b98612ad458d5c8cdb443718d3ba2108f9e2a
            • Opcode Fuzzy Hash: 442af0a9fd6463e0d2bb60bb414f49993d0414ac600bde3deb397f0cefa08873
            • Instruction Fuzzy Hash: 9F90022260540402D14471585418706102597D0201F55D151B0028555DC7598B6677A2
            Function 01B22C70 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1c84731aff29ebb19d22fcec0f4cec9882bccb378c3d58c4a87674aa15e78d1
            • Instruction ID: eeab91dfb6e7bf586528a0ea087d40ac04b9d68c9686ec0e5fcb81cdcf741dd5
            • Opcode Fuzzy Hash: f1c84731aff29ebb19d22fcec0f4cec9882bccb378c3d58c4a87674aa15e78d1
            • Instruction Fuzzy Hash: F790023220148802D1147158840474A101597D0301F59C551B4428659DC79589A27222
            Function 01B22C60 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 06289d3e79050607d98d14d84286782f1cbdb6493537fc3810735a3d5a9c3b2c
            • Instruction ID: a30294611abe381d3ae07ea00b75c35eaacbbf042c2bd5cfb6b278cdd40c608c
            • Opcode Fuzzy Hash: 06289d3e79050607d98d14d84286782f1cbdb6493537fc3810735a3d5a9c3b2c
            • Instruction Fuzzy Hash: EF90023220140842D10471584404B46101597E0301F55C156B0128655DC715C9627622
            Function 01B22FB0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4baf5d3d9132d87f1da337c79627da904806e0aca31e8342e1c0d9313bc7a379
            • Instruction ID: 93186ba6c120df5e95e92a2d5a582a9cb56d555e53fe58c69b96ad689a36dcd0
            • Opcode Fuzzy Hash: 4baf5d3d9132d87f1da337c79627da904806e0aca31e8342e1c0d9313bc7a379
            • Instruction Fuzzy Hash: 47900222601400424144716888449065015BBE1211755C261B099C551DC65989766766
            Function 01B22FA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d27f20e100c20c7d6564f6ff4921e2b05ae6f3b677f4d59c990ba851faf023c6
            • Instruction ID: acafc8722058cf663d4a11ce3efabe4d2dd1f83d6f6fc12a2cc921d360ad41dc
            • Opcode Fuzzy Hash: d27f20e100c20c7d6564f6ff4921e2b05ae6f3b677f4d59c990ba851faf023c6
            • Instruction Fuzzy Hash: 5090023220180402D10471584808747101597D0302F55C151B5168556EC765C9A27632
            Function 01B22F90 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f7b96ee77fd0c623b333daa60c47a15352562c06039b9ef4d3a523bb1e4c5e21
            • Instruction ID: 13a231b0c711f74d00e886756f56495681cd98f1c754d9d3792257387f44c68a
            • Opcode Fuzzy Hash: f7b96ee77fd0c623b333daa60c47a15352562c06039b9ef4d3a523bb1e4c5e21
            • Instruction Fuzzy Hash: 0690023220180402D1047158481470B101597D0302F55C151B1168556DC72589627672
            Function 01B22FE0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 424891b16fe4e5d65d92bc4dba33008686dc840ef040ade28aac799f47ced5ad
            • Instruction ID: 590b7f987b3ebb5f91cf107c39a1c1f649a8272244fa37929daafcf90d046f5c
            • Opcode Fuzzy Hash: 424891b16fe4e5d65d92bc4dba33008686dc840ef040ade28aac799f47ced5ad
            • Instruction Fuzzy Hash: BE900222211C0042D20475684C14B07101597D0303F55C255B0158555CCA1589726622
            Function 01B22F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9ed3416cdf04756add4aae1141bc7f1168a59e031c05cd9555adfafc520a6822
            • Instruction ID: 247e292533e1cfa7c0ba133372b0314cb8c44b4438ac25b58bd7117fda443358
            • Opcode Fuzzy Hash: 9ed3416cdf04756add4aae1141bc7f1168a59e031c05cd9555adfafc520a6822
            • Instruction Fuzzy Hash: 3890026234140442D10471584414B061015D7E1301F55C155F1068555DC719CD637227
            Function 01B22F60 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d2a8050f58fa6412c12a0cc0ad845e8f70f2a29f7645e3edda4d4b6275e38b59
            • Instruction ID: 80490f6db33520b25f810aecfe66fffc5724b22b545c6f7a09594bca8a1349f0
            • Opcode Fuzzy Hash: d2a8050f58fa6412c12a0cc0ad845e8f70f2a29f7645e3edda4d4b6275e38b59
            • Instruction Fuzzy Hash: 2C90026221140042D10871584404706105597E1201F55C152B2158555CC6298D726226
            Function 01B22EA0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 330d9d2eeba31e07b728dfc2b71e138913136fd1cb7864ac9c339a7911376521
            • Instruction ID: 0c0e2193087dc249d88df9b380cf384f9309d26fc43f49c3d12efd15d3b27ed5
            • Opcode Fuzzy Hash: 330d9d2eeba31e07b728dfc2b71e138913136fd1cb7864ac9c339a7911376521
            • Instruction Fuzzy Hash: 4890027220140402D14471584404746101597D0301F55C151B5068555EC7598EE67766
            Function 01B22E80 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e903f19354fef174f57dc527fdf38d2088db9b11f3ddad94496f31458775c091
            • Instruction ID: 02d12b2a21dbb64f523e60de0ac3202824f24f0104e6dcb4b2b64fd3a9e472d2
            • Opcode Fuzzy Hash: e903f19354fef174f57dc527fdf38d2088db9b11f3ddad94496f31458775c091
            • Instruction Fuzzy Hash: E090022260140502D10571584404616101A97D0241F95C162B1028556ECB258AA3B232
            Function 01B22EE0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 735d3ce16d44702d20a33272ab24a79909315c58a2ff99328d90de16002782ac
            • Instruction ID: b8c6db8d648999ad48eef2f7f9b726e447922ea768a6975ec399eab53a4920fd
            • Opcode Fuzzy Hash: 735d3ce16d44702d20a33272ab24a79909315c58a2ff99328d90de16002782ac
            • Instruction Fuzzy Hash: B990026220180403D14475584804607101597D0302F55C151B2068556ECB298D627236
            Function 01B22E30 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f55a9296d72d9e6368c60462cacb31193dd89119b3cc82cb78af7e4a952c4fff
            • Instruction ID: 4e2b2875ba49364fc1cabad4d63098d1c727d682e328346453de54cbbfab6233
            • Opcode Fuzzy Hash: f55a9296d72d9e6368c60462cacb31193dd89119b3cc82cb78af7e4a952c4fff
            • Instruction Fuzzy Hash: D490022230140402D106715844146061019D7D1345F95C152F1428556DC7258A63B233
            Function 01B23090 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9b2636456708d9baf6f39e90f067fb9eaba36aa4bd408b041f638c64ffa04d39
            • Instruction ID: ffb2ec67171d04b7816fc11b582e78d53ec4363ad5086d981b22bb7149e6e034
            • Opcode Fuzzy Hash: 9b2636456708d9baf6f39e90f067fb9eaba36aa4bd408b041f638c64ffa04d39
            • Instruction Fuzzy Hash: 2290022224140802D144715884147071016D7D0601F55C151B0028555DC7168A7677B2
            Function 01B23010 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: adddd87e449875c884630b8c600407bbec8aaa264e274c4f3e326638bfffbd83
            • Instruction ID: 8a7ce60e11a86db7c27f07192ad5e6792bd8dc0f413a87d7fed4420c8bfd2fbc
            • Opcode Fuzzy Hash: adddd87e449875c884630b8c600407bbec8aaa264e274c4f3e326638bfffbd83
            • Instruction Fuzzy Hash: F690022220184442D14472584804B0F511597E1202F95C159B415A555CCA1589666722
            Function 01B235C0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 26bc104c857ab2c698642119c88a3205bcb587578b9afe21c90315a84513e16f
            • Instruction ID: 99ef2629bbc1cbae4e37519050fba3b907dddb3942a29a040de21e279f22ffea
            • Opcode Fuzzy Hash: 26bc104c857ab2c698642119c88a3205bcb587578b9afe21c90315a84513e16f
            • Instruction Fuzzy Hash: CF90023260550402D10471584514706201597D0201F65C551B0428569DC7958A6276A3
            Function 01B239B0 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a04eacf8a9efbab479c2656e914fdf6e06b222399a116198e78ab0ab18401280
            • Instruction ID: c6a736466fa88f76705be5dd8be764898f744a4b2b8d8e300468a4f90640e896
            • Opcode Fuzzy Hash: a04eacf8a9efbab479c2656e914fdf6e06b222399a116198e78ab0ab18401280
            • Instruction Fuzzy Hash: 6790022224545102D154715C44046165015B7E0201F55C161B0818595DC65589667322
            Function 01B23D10 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d7fecdad6c6655a5651b338e8c05be447d79c3b1d8853b6a932562f83c9fd7f7
            • Instruction ID: 643feb006fc69785f0f8ba6158f4960523f04f28c86edcc08245dae33d958cf0
            • Opcode Fuzzy Hash: d7fecdad6c6655a5651b338e8c05be447d79c3b1d8853b6a932562f83c9fd7f7
            • Instruction Fuzzy Hash: B890023220240142954472585804A4E511597E1302B95D555B0019555CCA1489726322
            Function 01B23D70 Relevance: .0, Instructions: 4COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7e8daf313610d5aae1accb48f83d6cc88819cf2d6a591f291863b9c828e08a33
            • Instruction ID: 3cf5d9e17cf35f22b5f28a8d4c365cfe6c0b76220471320893e54bd4447fdc0a
            • Opcode Fuzzy Hash: 7e8daf313610d5aae1accb48f83d6cc88819cf2d6a591f291863b9c828e08a33
            • Instruction Fuzzy Hash: A490023620140402D51471585804646105697D0301F55D551B0428559DC75489B2B222
            Function 01B22C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
            • Instruction ID: e54ea96a8b460a914a18cc782afbe78a08d3c0825cd5620af243e31db76c17da
            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
            • Instruction Fuzzy Hash:
            Function 01B22890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: dc57e807f1313325c36aea4eb774ed82af44e58734bd18916ca12f197ee3b817
            • Instruction ID: 8418380db393a74f3906b0d9dff07dc222f69766bbd0569e2de2d460a24875b1
            • Opcode Fuzzy Hash: dc57e807f1313325c36aea4eb774ed82af44e58734bd18916ca12f197ee3b817
            • Instruction Fuzzy Hash: C451E6B5A00126BFCF29DBAC889097EFBB8FF4824075482E9F469D7641D374DE1487A0
            Function 01B92410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: ed6a1f6cc3de43ec79ed42dddffcd491b6c38c9d7122f72f6e301a232d74a1f5
            • Instruction ID: 448af45757ba40d990fedf210538e10c21add7a11fc360c96b735cf19b41710c
            • Opcode Fuzzy Hash: ed6a1f6cc3de43ec79ed42dddffcd491b6c38c9d7122f72f6e301a232d74a1f5
            • Instruction Fuzzy Hash: 9751E3B5E00646BEDF28DF9DC89097EBBF8EF44200B0484E9E596D7682E774DA418760
            Function 01B17630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
            Download Yara Rule
            Strings
            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01B54787
            • Execute=1, xrefs: 01B54713
            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01B546FC
            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01B54655
            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01B54742
            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01B54725
            • ExecuteOptions, xrefs: 01B546A0
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
            • API String ID: 0-484625025
            • Opcode ID: e4cf51b815a4156496500e2324d1c4f05089a2f3608903d165fb1232b6cc5fbc
            • Instruction ID: 922aa45e62213da2a236d8575ee3aac69e2cf653dafb2fc4be2c81e332ab0229
            • Opcode Fuzzy Hash: e4cf51b815a4156496500e2324d1c4f05089a2f3608903d165fb1232b6cc5fbc
            • Instruction Fuzzy Hash: 5B514A3160021ABAEF19ABA9EC99FBD77B8EF14700F4504DDF605A7181EF709A458F50
            Function 01BB6940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
            Download Yara Rule
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
            • Instruction ID: 3067faa46e504b6a7c4357d170e0026d2cc9f0af8e10075eb8a56856f52e8177
            • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
            • Instruction Fuzzy Hash: 59022771508342AFD709CF18C490AAFBBE5EFC8700F048AADF9898B654DB71E945CB42
            Function 01B2B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-$0$0
            • API String ID: 1302938615-699404926
            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction ID: 0f8af2e2c36f6fd6f240560d208d36443d5184771671c57854d07ebec186ad24
            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction Fuzzy Hash: 2D81D430E152698EEF2D8E6CC6507FEBBB1EF45310F184699E869A7291CF748848CB51
            Function 01B920E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$[$]:%u
            • API String ID: 48624451-2819853543
            • Opcode ID: 884d8c985d7c4a8858099bcda38712dc6da1cb5ac295f8fc3ef59135ad7216cc
            • Instruction ID: b976687a7d8ce9a665310f513604b4315b057ef309863b366b17dc5144b037fa
            • Opcode Fuzzy Hash: 884d8c985d7c4a8858099bcda38712dc6da1cb5ac295f8fc3ef59135ad7216cc
            • Instruction Fuzzy Hash: BB2167BAE00129ABDF14DF79DC41AEEBBF8EF54650F0501A5E905D3201E730D9168B91
            Function 01B0F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
            Download Yara Rule
            Strings
            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01B502BD
            • RTL: Re-Waiting, xrefs: 01B5031E
            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01B502E7
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
            • API String ID: 0-2474120054
            • Opcode ID: 5152647701311b484466b5ab9988a33efbf554a2027b375055647d19d2f2be44
            • Instruction ID: d7a79eed7fa5632b368bb67acb068780d5f08bd0065b9e0af41020fdbbb6c2ed
            • Opcode Fuzzy Hash: 5152647701311b484466b5ab9988a33efbf554a2027b375055647d19d2f2be44
            • Instruction Fuzzy Hash: A7E1AF306047419FDB6ADF28C884B2ABBE0FB88714F140A9DF9A5CB2E1D775D945CB42
            Function 01B1BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
            Download Yara Rule
            Strings
            • RTL: Re-Waiting, xrefs: 01B57BAC
            • RTL: Resource at %p, xrefs: 01B57B8E
            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01B57B7F
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 0-871070163
            • Opcode ID: 2f3bffb12c8d6d015381280f60f37d8be02adec2bbdecec3a591fea20a8f6b25
            • Instruction ID: 738b9c02bf787219370627c05721c61712317dac0b0ba257873a256f13a5ed47
            • Opcode Fuzzy Hash: 2f3bffb12c8d6d015381280f60f37d8be02adec2bbdecec3a591fea20a8f6b25
            • Instruction Fuzzy Hash: 6A41F3317007029FDB28DF29D950B6AB7E5FF98710F500A9DFA5ADB680DB31E8058B91
            Function 01B1B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
            Download Yara Rule
            APIs
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B5728C
            Strings
            • RTL: Re-Waiting, xrefs: 01B572C1
            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01B57294
            • RTL: Resource at %p, xrefs: 01B572A3
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 885266447-605551621
            • Opcode ID: 05156a6df70a28b01dfd5ed67894df5e0caa76ea769645e473d37730bd108d21
            • Instruction ID: 96f654b0becb2ec6dd490d4b706ae6e331a4fbc5852692b91999778d688461c7
            • Opcode Fuzzy Hash: 05156a6df70a28b01dfd5ed67894df5e0caa76ea769645e473d37730bd108d21
            • Instruction Fuzzy Hash: 5D411231740206ABDB28DF2ACC41B66B7A5FB95710F50469CFD55EB240DB31E8068BD1
            Function 01B92300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$]:%u
            • API String ID: 48624451-3050659472
            • Opcode ID: c62fdb2e0c0d46e543301a54ac933321886d5553704ff6341f07e0b7bc8fd553
            • Instruction ID: 25fd7bdf3fc970960fca7b8105d3495fa14975b2606fbad21f42cd0cfc17c6f0
            • Opcode Fuzzy Hash: c62fdb2e0c0d46e543301a54ac933321886d5553704ff6341f07e0b7bc8fd553
            • Instruction Fuzzy Hash: F3318872A00519AFDF24DE2DDC81BEE77F8FF54610F4445E5E949D3240EB309A458BA0
            Function 01B27D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
            Download Yara Rule
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-
            • API String ID: 1302938615-2137968064
            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
            • Instruction ID: dfba5a15fbebe8ebd66c2cb548123cd35d3b344f908b561c86bfae39166c896f
            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
            • Instruction Fuzzy Hash: 97910970E042768BDF2CEF5DC881ABE7BA5EF54320F144699E91DA72C0DF3489488765
            Function 01AE9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
            Download Yara Rule
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $$@
            • API String ID: 0-1194432280
            • Opcode ID: 9421c366b0ce34dd78a38e34cd02433e92c23d11cd0db9991f5a67a24e47740c
            • Instruction ID: a917c8410547d6fa205084f3dc1fd20fa67b9a1c14b5012e25ccf70e26e49492
            • Opcode Fuzzy Hash: 9421c366b0ce34dd78a38e34cd02433e92c23d11cd0db9991f5a67a24e47740c
            • Instruction Fuzzy Hash: 0C811A71D002699BDB35DF54DC44BEABBB4AB48754F0041EAEA1DB7280E7709E84DFA0
            Function 01B6CEA0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
            Download Yara Rule
            APIs
            • @_EH4_CallFilterFunc@8.LIBCMT ref: 01B6CFBD
            Strings
            Memory Dump Source
            • Source File: 00000008.00000002.2205342045.0000000001AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_8_2_1ab0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CallFilterFunc@8
            • String ID: @$@4Cw@4Cw
            • API String ID: 4062629308-3101775584
            • Opcode ID: a44c183d2ada68c2f4d858e50d5fa689fc5737b84bb7adc6fb12dbead7db170e
            • Instruction ID: 59b21f93a24e957397a1038bff9fd7a2f72ec0b62c5a5390bafda59cd46adb12
            • Opcode Fuzzy Hash: a44c183d2ada68c2f4d858e50d5fa689fc5737b84bb7adc6fb12dbead7db170e
            • Instruction Fuzzy Hash: 3941A4B1A00215DFCB299FD9C950A6DBBF8FF68740F0041AEEA45DB265E778C805CB61