Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
Analysis ID:1544699
MD5:9b8a71b09ca89696e15256d79a7b5d09
SHA1:dfaaf3c9526984ba92ce288e2e39914f4eb059aa
SHA256:cc97cd2834a545c6f4e89aea88a758f9fd880586f55d21dda5c8dd2017ed689b
Tags:exeFormbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe (PID: 7296 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe" MD5: 9B8A71B09CA89696E15256D79A7B5D09)
    • powershell.exe (PID: 7480 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7648 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2f663:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x17712:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe PID: 7296JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x2f663:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0x17712:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2e863:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x16912:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, ParentProcessId: 7296, ParentProcessName: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe", ProcessId: 7480, ProcessName: powershell.exe
          Sigma detected: Powershell Defender Exclusion
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, ParentProcessId: 7296, ParentProcessName: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe", ProcessId: 7480, ProcessName: powershell.exe
          Sigma detected: Non Interactive PowerShell Process Spawned
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, ParentProcessId: 7296, ParentProcessName: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe", ProcessId: 7480, ProcessName: powershell.exe

          Suricata Signatures

          No Suricata rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeReversingLabs: Detection: 42%
          Yara detected FormBook
          Source: Yara matchFile source: 4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Machine Learning detection for sample
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeJoe Sandbox ML: detected
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, 00000000.00000002.2155081651.00000000026C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: Amcache.hve.10.drString found in binary or memory: http://upx.sf.net

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A13B8C NtQueryInformationProcess,0_2_06A13B8C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A18C00 NtQueryInformationProcess,0_2_06A18C00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0042C923 NtClose,4_2_0042C923
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_011E2DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E4340 NtSetContextThread,4_2_011E4340
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E4650 NtSuspendThread,4_2_011E4650
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2B60 NtClose,4_2_011E2B60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2B80 NtQueryInformationFile,4_2_011E2B80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2BA0 NtEnumerateValueKey,4_2_011E2BA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2BF0 NtAllocateVirtualMemory,4_2_011E2BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2BE0 NtQueryValueKey,4_2_011E2BE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2AB0 NtWaitForSingleObject,4_2_011E2AB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2AD0 NtReadFile,4_2_011E2AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2AF0 NtWriteFile,4_2_011E2AF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2D10 NtMapViewOfSection,4_2_011E2D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2D00 NtSetInformationFile,4_2_011E2D00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2D30 NtUnmapViewOfSection,4_2_011E2D30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2DB0 NtEnumerateKey,4_2_011E2DB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2DD0 NtDelayExecution,4_2_011E2DD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2C00 NtQueryInformationProcess,4_2_011E2C00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2C70 NtFreeVirtualMemory,4_2_011E2C70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2C60 NtCreateKey,4_2_011E2C60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2CA0 NtQueryInformationToken,4_2_011E2CA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2CC0 NtQueryVirtualMemory,4_2_011E2CC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2CF0 NtOpenProcess,4_2_011E2CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2F30 NtCreateSection,4_2_011E2F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2F60 NtCreateProcessEx,4_2_011E2F60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2F90 NtProtectVirtualMemory,4_2_011E2F90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2FB0 NtResumeThread,4_2_011E2FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2FA0 NtQuerySection,4_2_011E2FA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2FE0 NtCreateFile,4_2_011E2FE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2E30 NtWriteVirtualMemory,4_2_011E2E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2E80 NtReadVirtualMemory,4_2_011E2E80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2EA0 NtAdjustPrivilegesToken,4_2_011E2EA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2EE0 NtQueueApcThread,4_2_011E2EE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E3010 NtOpenDirectoryObject,4_2_011E3010
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E3090 NtSetValueKey,4_2_011E3090
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E35C0 NtCreateMutant,4_2_011E35C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E39B0 NtGetContextThread,4_2_011E39B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E3D10 NtOpenProcessToken,4_2_011E3D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E3D70 NtOpenThread,4_2_011E3D70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_0236D3C40_2_0236D3C4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_0670E1000_2_0670E100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_0670E7D80_2_0670E7D8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_0670E0FC0_2_0670E0FC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A1E4B00_2_06A1E4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A15EF20_2_06A15EF2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A14C210_2_06A14C21
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A1A7880_2_06A1A788
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A1A7780_2_06A1A778
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A1E4A10_2_06A1E4A1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A184D80_2_06A184D8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A180180_2_06A18018
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A18D880_2_06A18D88
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A1AA100_2_06A1AA10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A17BE00_2_06A17BE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A17BD00_2_06A17BD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06A1A9FF0_2_06A1A9FF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06B069200_2_06B06920
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06B02BE00_2_06B02BE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06B00C980_2_06B00C98
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06B014F80_2_06B014F8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06B010D00_2_06B010D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06B019310_2_06B01931
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06B015080_2_06B01508
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06B019400_2_06B01940
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_004101034_2_00410103
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_004029214_2_00402921
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_004029304_2_00402930
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_004011C04_2_004011C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_004031A04_2_004031A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_00416A7E4_2_00416A7E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_00416A834_2_00416A83
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_004103234_2_00410323
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0040E3A34_2_0040E3A3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0040E4E74_2_0040E4E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_004026004_2_00402600
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0042EF534_2_0042EF53
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A01004_2_011A0100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124A1184_2_0124A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012381584_2_01238158
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012641A24_2_012641A2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012701AA4_2_012701AA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012681CC4_2_012681CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012420004_2_01242000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126A3524_2_0126A352
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012703E64_2_012703E6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BE3F04_2_011BE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012502744_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012302C04_2_012302C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B05354_2_011B0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012705914_2_01270591
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012544204_2_01254420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012624464_2_01262446
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0125E4F64_2_0125E4F6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D47504_2_011D4750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B07704_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AC7C04_2_011AC7C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CC6E04_2_011CC6E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C69624_2_011C6962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0127A9A64_2_0127A9A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A04_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BA8404_2_011BA840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B28404_2_011B2840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011968B84_2_011968B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE8F04_2_011DE8F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126AB404_2_0126AB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01266BD74_2_01266BD7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AEA804_2_011AEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BAD004_2_011BAD00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124CD1F4_2_0124CD1F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C8DBF4_2_011C8DBF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AADE04_2_011AADE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0C004_2_011B0C00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250CB54_2_01250CB5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A0CF24_2_011A0CF2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01252F304_2_01252F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D0F304_2_011D0F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011F2F284_2_011F2F28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01224F404_2_01224F40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122EFA04_2_0122EFA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A2FC84_2_011A2FC8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BCFE04_2_011BCFE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126EE264_2_0126EE26
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0E594_2_011B0E59
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C2E904_2_011C2E90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126CE934_2_0126CE93
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126EEDB4_2_0126EEDB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0127B16B4_2_0127B16B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119F1724_2_0119F172
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E516C4_2_011E516C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BB1B04_2_011BB1B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126F0E04_2_0126F0E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012670E94_2_012670E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B70C04_2_011B70C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0125F0CC4_2_0125F0CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126132D4_2_0126132D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119D34C4_2_0119D34C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011F739A4_2_011F739A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B52A04_2_011B52A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012512ED4_2_012512ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CB2C04_2_011CB2C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012675714_2_01267571
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124D5B04_2_0124D5B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012795C34_2_012795C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126F43F4_2_0126F43F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A14604_2_011A1460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126F7B04_2_0126F7B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011F56304_2_011F5630
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012616CC4_2_012616CC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012459104_2_01245910
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B99504_2_011B9950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CB9504_2_011CB950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121D8004_2_0121D800
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B38E04_2_011B38E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126FB764_2_0126FB76
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CFB804_2_011CFB80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01225BF04_2_01225BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011EDBF94_2_011EDBF9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01223A6C4_2_01223A6C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01267A464_2_01267A46
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126FA494_2_0126FA49
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01251AA34_2_01251AA3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124DAAC4_2_0124DAAC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011F5AA04_2_011F5AA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0125DAC64_2_0125DAC6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01267D734_2_01267D73
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B3D404_2_011B3D40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01261D5A4_2_01261D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CFDC04_2_011CFDC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01229C324_2_01229C32
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126FCF24_2_0126FCF2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126FF094_2_0126FF09
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B1F924_2_011B1F92
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126FFB14_2_0126FFB1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01173FD54_2_01173FD5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01173FD24_2_01173FD2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B9EB04_2_011B9EB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: String function: 0122F290 appears 105 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: String function: 0119B970 appears 280 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: String function: 011E5130 appears 58 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: String function: 0121EA12 appears 86 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: String function: 011F7E54 appears 111 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 196
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, 00000000.00000002.2174410924.000000000AFE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, 00000000.00000000.2120365618.00000000000EE000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameryFh.exe4 vs SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, 00000000.00000002.2150614616.000000000070E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, 00000004.00000002.2324721299.000000000129D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeBinary or memory string: OriginalFilenameryFh.exe4 vs SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, Y0QMpp7GltVGNGcM2H.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, VNF4MWeh92ShIOP8do.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, VNF4MWeh92ShIOP8do.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, VNF4MWeh92ShIOP8do.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, Y0QMpp7GltVGNGcM2H.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, Y0QMpp7GltVGNGcM2H.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, VNF4MWeh92ShIOP8do.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, VNF4MWeh92ShIOP8do.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, VNF4MWeh92ShIOP8do.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, VNF4MWeh92ShIOP8do.csSecurity API names: _0020.SetAccessControl
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, VNF4MWeh92ShIOP8do.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, VNF4MWeh92ShIOP8do.csSecurity API names: _0020.AddAccessRule
          Source: classification engineClassification label: mal100.troj.evad.winEXE@8/11@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.logJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7488
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7496:120:WilError_03
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kdo5bcnf.dck.ps1Jump to behavior
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeReversingLabs: Detection: 42%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 196
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: textshaping.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: iconcodecservice.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, VNF4MWeh92ShIOP8do.cs.Net Code: YpirbxuScY System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, VNF4MWeh92ShIOP8do.cs.Net Code: YpirbxuScY System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.66d0000.2.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, VNF4MWeh92ShIOP8do.cs.Net Code: YpirbxuScY System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_0236F550 pushfd ; iretd 0_2_0236F551
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_04A79A27 push eax; mov dword ptr [esp], ecx0_2_04A79A3C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_04A79A38 push eax; mov dword ptr [esp], ecx0_2_04A79A3C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 0_2_06705420 push eax; ret 0_2_06705471
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0040D8C8 push 972ADD89h; iretd 4_2_0040D8CD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0041A971 push 00000009h; ret 4_2_0041A973
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0040DA23 pushfd ; retf 4_2_0040DA27
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_00414B4D push esp; retf 4_2_00414B50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0041EBBB push esi; ret 4_2_0041EBC4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_00403420 push eax; ret 4_2_00403422
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0041AD97 push ecx; iretd 4_2_0041AD9E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0040559E push ss; ret 4_2_004055A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0040D67A push ss; retf 4_2_0040D68B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0117225F pushad ; ret 4_2_011727F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011727FA pushad ; ret 4_2_011727F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A09AD push ecx; mov dword ptr [esp], ecx4_2_011A09B6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0117283D push eax; iretd 4_2_01172858
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01171368 push eax; iretd 4_2_01171369
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeStatic PE information: section name: .text entropy: 7.742217988561948
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, sb5O4APMHUbym2IPVG.csHigh entropy of concatenated method names: 't2wEYseYK3', 'qfqEAKCPen', 'QM5E2Q7Yfa', 'N382DORZSU', 'dmv2zbhIId', 'jNREwSRQh4', 'hwLEsqOmlw', 'nKUEhybE0e', 'tDHEL32Xo0', 'xcyErQbdv4'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, zOO3CtswNsC6jq7TXtK.csHigh entropy of concatenated method names: 'RhoV3WaOHM', 'z6WV5DhckA', 'QUcVb10dM2', 'OFwVKyHZPp', 'h27V8ShDP9', 'DP8VmcujZB', 'kSQV0yJYNF', 'XZuV7imZ3h', 'b7nVl7XlFm', 'OYxVG9JbuF'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, G9RqyIDvACLSEGupQL.csHigh entropy of concatenated method names: 'IkLVsfCWiK', 'cckVL3c6s2', 'XfAVrYfZ3j', 'YOAVYsPNiW', 'uR8Vufj2gX', 'nQDVBvW53R', 'BAkV2NGmsg', 'UqZvx51KCa', 'cKrvHQHGBS', 'Lp6vSjIVTL'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, Rm6b1JuHcrPRFhSGDO.csHigh entropy of concatenated method names: 'Dispose', 'MhisSS02ph', 'T3Bhn1YbKn', 'E278864FX2', 'abNsDK8grn', 'Eyjszx9QpF', 'ProcessDialogKey', 'eUahwWdTWJ', 'EQWhsQER3v', 'bh6hh99Rqy'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, zStm1nkMY8iMwdAk3C.csHigh entropy of concatenated method names: 'TqBoR7t3qs', 'EqZoM911ik', 'ToString', 'JFOoY0ohDG', 'Tlqoul3ZfD', 'fdDoAELde3', 'PuCoB5sH1d', 'Mgwo2fDgIP', 'rwMoEB3WF9', 'jxKoeOgpTK'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, YDoIkiFiqJm8mdpx11.csHigh entropy of concatenated method names: 'GZVt7q5k01', 'LnCtl1hrLy', 'A4st91qIlI', 'lI0tncky8i', 'qdJtCUXCbG', 'svxtObsZLe', 'tlLtPboewn', 'AHntjPNw05', 'D1otXEAkHq', 'Fhqtfh5XrA'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, ComJEZqfwaU7rZ1inN.csHigh entropy of concatenated method names: 'OrFE3mt74x', 'lAXE5uCCot', 'iYYEbbmByZ', 'JsMEKQLxSy', 'O3jE8vPMPq', 'BCyEmRmWJ6', 'tTME035GSg', 'ExhE7nDq6V', 'LNtElhbW5w', 'f1DEGSFDfY'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, Ap5wgMzLX2HSSE1Pjo.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vuBVtnXrkC', 'EhuVNiMxdt', 'FRYVa8conx', 'e7UVoFfQ0G', 'pnUVvqL9Nq', 'l42VVhQKph', 'JypVJ8DJdu'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, VWCpvbrqAwcj2DEtrX.csHigh entropy of concatenated method names: 'wbDsE0QMpp', 'FltseVGNGc', 'riSsRD2mxX', 'kkPsMwENNt', 'BTysNboOKQ', 'QrHsaB0XTh', 'IOjbc7weOj5vC9xXwD', 'LlDjoMUlZXfEoQ94UF', 'BiTssexxp4', 'eqGsLewCYk'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, uMNat4sLnShqGfWtMuh.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'maWJcQM79J', 'JYlJZWoGQ0', 'HqmJdjM1UG', 'YGdJkpJKaq', 'XKLJg5q4mL', 'LNjJW5BhmH', 'JUXJxIy1sd'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, Y0QMpp7GltVGNGcM2H.csHigh entropy of concatenated method names: 'IQYucDfxlZ', 'H0IuZ1TgNw', 'NS1udOYeKS', 'wWnukF4QlP', 'YdsugUeWZl', 'ubXuWcdTLk', 'cucuxGkBFm', 'wSWuHg0nIE', 'dVHuSgZno3', 'hDquDKAIdM'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, D7kgDvliSD2mxX6kPw.csHigh entropy of concatenated method names: 'z2EAKoqbnQ', 'ScxAm13xVn', 'NO9A7BBhe3', 'f6TAlTMl4h', 'G0aANG7Qk2', 'e9oAa7m7SH', 'cp3AotqRoP', 'bp9AvGwSic', 'R87AVMYsG7', 'GcTAJWnDw6'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, JKQFrH9B0XTh3kpdI0.csHigh entropy of concatenated method names: 'Xmq2TFDjeq', 'y2a2uak7H0', 'FgO2ByMeKL', 'TQ12Escu5s', 'wsW2e2Cf0s', 'qAIBgArkgM', 'pV6BWEvsHR', 'ADIBx2CIDw', 'DyrBHThD1U', 'zt9BS5rd4o'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, abHGTecpKW7m1Dv49Y.csHigh entropy of concatenated method names: 'kLgNXGGIJ5', 'FGENiZaue8', 'l21NchMPed', 'LgKNZy6YlE', 'FLLNnyRSQp', 'YaKNQ6CMFx', 'ERoNC8NNrv', 'oX1NO1cSfR', 'YBKNIynMLC', 'zQiNP4BbgY'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, pWdTWJSlQWQER3vsh6.csHigh entropy of concatenated method names: 'FhCv93Y2MZ', 'Kn2vn3xgSh', 'W2LvQE2a8Y', 'aWVvCdYj3g', 'dcsvc934jh', 'NAsvOesyCj', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, VNF4MWeh92ShIOP8do.csHigh entropy of concatenated method names: 'LwrLTMqeuP', 'H4VLYGtUem', 'J4iLup8gqM', 'qtILAr0Evy', 'hsCLBBXKmE', 'nhmL2i9br4', 'ouELEIr5Va', 'O63LesDhQl', 'Bi6L6fqOL9', 'NL1LRGvlrr'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, zNK8grHn7yjx9QpFTU.csHigh entropy of concatenated method names: 'tdgvYSCu3k', 'EjHvuVInPV', 'N5mvAYqeQp', 'yhevBbb9ZW', 'vhPv276E89', 'u22vE66GPi', 'KAqveeHQ1Z', 'OMhv6WWCvd', 'ASkvR66xp4', 'TthvM989sO'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, TvptTVAO9VZVoUhgtW.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'rV8hSUiahZ', 'w4GhDHjAV6', 'XcvhzkjeDe', 'Tg7LwEITFm', 'Q93LsnbTxg', 'h1TLhvJ2cF', 'NZMLLQQ5Ym', 'h4X49vMWkhvTT7LZR5Q'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, Uif3MphQZCepuUEvRk.csHigh entropy of concatenated method names: 'vGnbncngl', 'KP8K4KShg', 'Xb3mj8Vtr', 'hQ40vrjMT', 'E2xlRJCZr', 'yi1GBUKY2', 'sOh1nltbk674SMhthk', 'fLmSssAcae20rslUTC', 'pOwv9MPjf', 'NkRJfg3aW'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, jNNtuuGB9N5IEmTybo.csHigh entropy of concatenated method names: 'vvrB8rZa70', 'GN0B0LHwcw', 'EBpAQW4UDj', 'rnWAC1sebZ', 's5VAORqf77', 'vwbAIleA2E', 'dwvAPPegx4', 'B7YAjG6VRl', 'RtjAqvly19', 'DxxAXUfW8W'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, cyyLulWnJi6R3VWBI5.csHigh entropy of concatenated method names: 'IrdoHbvDVy', 'LhvoDiZyiV', 'yBNvw6YFa9', 'jtBvsSmtUK', 'jGoofpr5W4', 'YMfoikFcYj', 'fcIoFtoX85', 'SNsockpxT6', 'NXZoZCVQtl', 'CLOod0agun'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.afe0000.3.raw.unpack, YxGmixddeUtRGBcFVS.csHigh entropy of concatenated method names: 'ToString', 'wGgafwTIig', 'ASTanYuLkH', 'ubFaQtYUvh', 'S9qaC0tRjI', 'DARaOP5ew0', 'Fu8aIBoxNe', 'RVkaPYgiiV', 'J6xajLorgD', 'QGbaqr5MRn'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, sb5O4APMHUbym2IPVG.csHigh entropy of concatenated method names: 't2wEYseYK3', 'qfqEAKCPen', 'QM5E2Q7Yfa', 'N382DORZSU', 'dmv2zbhIId', 'jNREwSRQh4', 'hwLEsqOmlw', 'nKUEhybE0e', 'tDHEL32Xo0', 'xcyErQbdv4'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, zOO3CtswNsC6jq7TXtK.csHigh entropy of concatenated method names: 'RhoV3WaOHM', 'z6WV5DhckA', 'QUcVb10dM2', 'OFwVKyHZPp', 'h27V8ShDP9', 'DP8VmcujZB', 'kSQV0yJYNF', 'XZuV7imZ3h', 'b7nVl7XlFm', 'OYxVG9JbuF'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, G9RqyIDvACLSEGupQL.csHigh entropy of concatenated method names: 'IkLVsfCWiK', 'cckVL3c6s2', 'XfAVrYfZ3j', 'YOAVYsPNiW', 'uR8Vufj2gX', 'nQDVBvW53R', 'BAkV2NGmsg', 'UqZvx51KCa', 'cKrvHQHGBS', 'Lp6vSjIVTL'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, Rm6b1JuHcrPRFhSGDO.csHigh entropy of concatenated method names: 'Dispose', 'MhisSS02ph', 'T3Bhn1YbKn', 'E278864FX2', 'abNsDK8grn', 'Eyjszx9QpF', 'ProcessDialogKey', 'eUahwWdTWJ', 'EQWhsQER3v', 'bh6hh99Rqy'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, zStm1nkMY8iMwdAk3C.csHigh entropy of concatenated method names: 'TqBoR7t3qs', 'EqZoM911ik', 'ToString', 'JFOoY0ohDG', 'Tlqoul3ZfD', 'fdDoAELde3', 'PuCoB5sH1d', 'Mgwo2fDgIP', 'rwMoEB3WF9', 'jxKoeOgpTK'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, YDoIkiFiqJm8mdpx11.csHigh entropy of concatenated method names: 'GZVt7q5k01', 'LnCtl1hrLy', 'A4st91qIlI', 'lI0tncky8i', 'qdJtCUXCbG', 'svxtObsZLe', 'tlLtPboewn', 'AHntjPNw05', 'D1otXEAkHq', 'Fhqtfh5XrA'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, ComJEZqfwaU7rZ1inN.csHigh entropy of concatenated method names: 'OrFE3mt74x', 'lAXE5uCCot', 'iYYEbbmByZ', 'JsMEKQLxSy', 'O3jE8vPMPq', 'BCyEmRmWJ6', 'tTME035GSg', 'ExhE7nDq6V', 'LNtElhbW5w', 'f1DEGSFDfY'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, Ap5wgMzLX2HSSE1Pjo.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vuBVtnXrkC', 'EhuVNiMxdt', 'FRYVa8conx', 'e7UVoFfQ0G', 'pnUVvqL9Nq', 'l42VVhQKph', 'JypVJ8DJdu'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, VWCpvbrqAwcj2DEtrX.csHigh entropy of concatenated method names: 'wbDsE0QMpp', 'FltseVGNGc', 'riSsRD2mxX', 'kkPsMwENNt', 'BTysNboOKQ', 'QrHsaB0XTh', 'IOjbc7weOj5vC9xXwD', 'LlDjoMUlZXfEoQ94UF', 'BiTssexxp4', 'eqGsLewCYk'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, uMNat4sLnShqGfWtMuh.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'maWJcQM79J', 'JYlJZWoGQ0', 'HqmJdjM1UG', 'YGdJkpJKaq', 'XKLJg5q4mL', 'LNjJW5BhmH', 'JUXJxIy1sd'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, Y0QMpp7GltVGNGcM2H.csHigh entropy of concatenated method names: 'IQYucDfxlZ', 'H0IuZ1TgNw', 'NS1udOYeKS', 'wWnukF4QlP', 'YdsugUeWZl', 'ubXuWcdTLk', 'cucuxGkBFm', 'wSWuHg0nIE', 'dVHuSgZno3', 'hDquDKAIdM'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, D7kgDvliSD2mxX6kPw.csHigh entropy of concatenated method names: 'z2EAKoqbnQ', 'ScxAm13xVn', 'NO9A7BBhe3', 'f6TAlTMl4h', 'G0aANG7Qk2', 'e9oAa7m7SH', 'cp3AotqRoP', 'bp9AvGwSic', 'R87AVMYsG7', 'GcTAJWnDw6'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, JKQFrH9B0XTh3kpdI0.csHigh entropy of concatenated method names: 'Xmq2TFDjeq', 'y2a2uak7H0', 'FgO2ByMeKL', 'TQ12Escu5s', 'wsW2e2Cf0s', 'qAIBgArkgM', 'pV6BWEvsHR', 'ADIBx2CIDw', 'DyrBHThD1U', 'zt9BS5rd4o'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, abHGTecpKW7m1Dv49Y.csHigh entropy of concatenated method names: 'kLgNXGGIJ5', 'FGENiZaue8', 'l21NchMPed', 'LgKNZy6YlE', 'FLLNnyRSQp', 'YaKNQ6CMFx', 'ERoNC8NNrv', 'oX1NO1cSfR', 'YBKNIynMLC', 'zQiNP4BbgY'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, pWdTWJSlQWQER3vsh6.csHigh entropy of concatenated method names: 'FhCv93Y2MZ', 'Kn2vn3xgSh', 'W2LvQE2a8Y', 'aWVvCdYj3g', 'dcsvc934jh', 'NAsvOesyCj', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, VNF4MWeh92ShIOP8do.csHigh entropy of concatenated method names: 'LwrLTMqeuP', 'H4VLYGtUem', 'J4iLup8gqM', 'qtILAr0Evy', 'hsCLBBXKmE', 'nhmL2i9br4', 'ouELEIr5Va', 'O63LesDhQl', 'Bi6L6fqOL9', 'NL1LRGvlrr'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, zNK8grHn7yjx9QpFTU.csHigh entropy of concatenated method names: 'tdgvYSCu3k', 'EjHvuVInPV', 'N5mvAYqeQp', 'yhevBbb9ZW', 'vhPv276E89', 'u22vE66GPi', 'KAqveeHQ1Z', 'OMhv6WWCvd', 'ASkvR66xp4', 'TthvM989sO'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, TvptTVAO9VZVoUhgtW.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'rV8hSUiahZ', 'w4GhDHjAV6', 'XcvhzkjeDe', 'Tg7LwEITFm', 'Q93LsnbTxg', 'h1TLhvJ2cF', 'NZMLLQQ5Ym', 'h4X49vMWkhvTT7LZR5Q'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, Uif3MphQZCepuUEvRk.csHigh entropy of concatenated method names: 'vGnbncngl', 'KP8K4KShg', 'Xb3mj8Vtr', 'hQ40vrjMT', 'E2xlRJCZr', 'yi1GBUKY2', 'sOh1nltbk674SMhthk', 'fLmSssAcae20rslUTC', 'pOwv9MPjf', 'NkRJfg3aW'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, jNNtuuGB9N5IEmTybo.csHigh entropy of concatenated method names: 'vvrB8rZa70', 'GN0B0LHwcw', 'EBpAQW4UDj', 'rnWAC1sebZ', 's5VAORqf77', 'vwbAIleA2E', 'dwvAPPegx4', 'B7YAjG6VRl', 'RtjAqvly19', 'DxxAXUfW8W'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, cyyLulWnJi6R3VWBI5.csHigh entropy of concatenated method names: 'IrdoHbvDVy', 'LhvoDiZyiV', 'yBNvw6YFa9', 'jtBvsSmtUK', 'jGoofpr5W4', 'YMfoikFcYj', 'fcIoFtoX85', 'SNsockpxT6', 'NXZoZCVQtl', 'CLOod0agun'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f99ee0.0.raw.unpack, YxGmixddeUtRGBcFVS.csHigh entropy of concatenated method names: 'ToString', 'wGgafwTIig', 'ASTanYuLkH', 'ubFaQtYUvh', 'S9qaC0tRjI', 'DARaOP5ew0', 'Fu8aIBoxNe', 'RVkaPYgiiV', 'J6xajLorgD', 'QGbaqr5MRn'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, sb5O4APMHUbym2IPVG.csHigh entropy of concatenated method names: 't2wEYseYK3', 'qfqEAKCPen', 'QM5E2Q7Yfa', 'N382DORZSU', 'dmv2zbhIId', 'jNREwSRQh4', 'hwLEsqOmlw', 'nKUEhybE0e', 'tDHEL32Xo0', 'xcyErQbdv4'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, zOO3CtswNsC6jq7TXtK.csHigh entropy of concatenated method names: 'RhoV3WaOHM', 'z6WV5DhckA', 'QUcVb10dM2', 'OFwVKyHZPp', 'h27V8ShDP9', 'DP8VmcujZB', 'kSQV0yJYNF', 'XZuV7imZ3h', 'b7nVl7XlFm', 'OYxVG9JbuF'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, G9RqyIDvACLSEGupQL.csHigh entropy of concatenated method names: 'IkLVsfCWiK', 'cckVL3c6s2', 'XfAVrYfZ3j', 'YOAVYsPNiW', 'uR8Vufj2gX', 'nQDVBvW53R', 'BAkV2NGmsg', 'UqZvx51KCa', 'cKrvHQHGBS', 'Lp6vSjIVTL'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, Rm6b1JuHcrPRFhSGDO.csHigh entropy of concatenated method names: 'Dispose', 'MhisSS02ph', 'T3Bhn1YbKn', 'E278864FX2', 'abNsDK8grn', 'Eyjszx9QpF', 'ProcessDialogKey', 'eUahwWdTWJ', 'EQWhsQER3v', 'bh6hh99Rqy'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, zStm1nkMY8iMwdAk3C.csHigh entropy of concatenated method names: 'TqBoR7t3qs', 'EqZoM911ik', 'ToString', 'JFOoY0ohDG', 'Tlqoul3ZfD', 'fdDoAELde3', 'PuCoB5sH1d', 'Mgwo2fDgIP', 'rwMoEB3WF9', 'jxKoeOgpTK'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, YDoIkiFiqJm8mdpx11.csHigh entropy of concatenated method names: 'GZVt7q5k01', 'LnCtl1hrLy', 'A4st91qIlI', 'lI0tncky8i', 'qdJtCUXCbG', 'svxtObsZLe', 'tlLtPboewn', 'AHntjPNw05', 'D1otXEAkHq', 'Fhqtfh5XrA'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, ComJEZqfwaU7rZ1inN.csHigh entropy of concatenated method names: 'OrFE3mt74x', 'lAXE5uCCot', 'iYYEbbmByZ', 'JsMEKQLxSy', 'O3jE8vPMPq', 'BCyEmRmWJ6', 'tTME035GSg', 'ExhE7nDq6V', 'LNtElhbW5w', 'f1DEGSFDfY'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, Ap5wgMzLX2HSSE1Pjo.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vuBVtnXrkC', 'EhuVNiMxdt', 'FRYVa8conx', 'e7UVoFfQ0G', 'pnUVvqL9Nq', 'l42VVhQKph', 'JypVJ8DJdu'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, VWCpvbrqAwcj2DEtrX.csHigh entropy of concatenated method names: 'wbDsE0QMpp', 'FltseVGNGc', 'riSsRD2mxX', 'kkPsMwENNt', 'BTysNboOKQ', 'QrHsaB0XTh', 'IOjbc7weOj5vC9xXwD', 'LlDjoMUlZXfEoQ94UF', 'BiTssexxp4', 'eqGsLewCYk'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, uMNat4sLnShqGfWtMuh.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'maWJcQM79J', 'JYlJZWoGQ0', 'HqmJdjM1UG', 'YGdJkpJKaq', 'XKLJg5q4mL', 'LNjJW5BhmH', 'JUXJxIy1sd'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, Y0QMpp7GltVGNGcM2H.csHigh entropy of concatenated method names: 'IQYucDfxlZ', 'H0IuZ1TgNw', 'NS1udOYeKS', 'wWnukF4QlP', 'YdsugUeWZl', 'ubXuWcdTLk', 'cucuxGkBFm', 'wSWuHg0nIE', 'dVHuSgZno3', 'hDquDKAIdM'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, D7kgDvliSD2mxX6kPw.csHigh entropy of concatenated method names: 'z2EAKoqbnQ', 'ScxAm13xVn', 'NO9A7BBhe3', 'f6TAlTMl4h', 'G0aANG7Qk2', 'e9oAa7m7SH', 'cp3AotqRoP', 'bp9AvGwSic', 'R87AVMYsG7', 'GcTAJWnDw6'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, JKQFrH9B0XTh3kpdI0.csHigh entropy of concatenated method names: 'Xmq2TFDjeq', 'y2a2uak7H0', 'FgO2ByMeKL', 'TQ12Escu5s', 'wsW2e2Cf0s', 'qAIBgArkgM', 'pV6BWEvsHR', 'ADIBx2CIDw', 'DyrBHThD1U', 'zt9BS5rd4o'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, abHGTecpKW7m1Dv49Y.csHigh entropy of concatenated method names: 'kLgNXGGIJ5', 'FGENiZaue8', 'l21NchMPed', 'LgKNZy6YlE', 'FLLNnyRSQp', 'YaKNQ6CMFx', 'ERoNC8NNrv', 'oX1NO1cSfR', 'YBKNIynMLC', 'zQiNP4BbgY'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, pWdTWJSlQWQER3vsh6.csHigh entropy of concatenated method names: 'FhCv93Y2MZ', 'Kn2vn3xgSh', 'W2LvQE2a8Y', 'aWVvCdYj3g', 'dcsvc934jh', 'NAsvOesyCj', 'Next', 'Next', 'Next', 'NextBytes'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, VNF4MWeh92ShIOP8do.csHigh entropy of concatenated method names: 'LwrLTMqeuP', 'H4VLYGtUem', 'J4iLup8gqM', 'qtILAr0Evy', 'hsCLBBXKmE', 'nhmL2i9br4', 'ouELEIr5Va', 'O63LesDhQl', 'Bi6L6fqOL9', 'NL1LRGvlrr'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, zNK8grHn7yjx9QpFTU.csHigh entropy of concatenated method names: 'tdgvYSCu3k', 'EjHvuVInPV', 'N5mvAYqeQp', 'yhevBbb9ZW', 'vhPv276E89', 'u22vE66GPi', 'KAqveeHQ1Z', 'OMhv6WWCvd', 'ASkvR66xp4', 'TthvM989sO'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, TvptTVAO9VZVoUhgtW.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'rV8hSUiahZ', 'w4GhDHjAV6', 'XcvhzkjeDe', 'Tg7LwEITFm', 'Q93LsnbTxg', 'h1TLhvJ2cF', 'NZMLLQQ5Ym', 'h4X49vMWkhvTT7LZR5Q'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, Uif3MphQZCepuUEvRk.csHigh entropy of concatenated method names: 'vGnbncngl', 'KP8K4KShg', 'Xb3mj8Vtr', 'hQ40vrjMT', 'E2xlRJCZr', 'yi1GBUKY2', 'sOh1nltbk674SMhthk', 'fLmSssAcae20rslUTC', 'pOwv9MPjf', 'NkRJfg3aW'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, jNNtuuGB9N5IEmTybo.csHigh entropy of concatenated method names: 'vvrB8rZa70', 'GN0B0LHwcw', 'EBpAQW4UDj', 'rnWAC1sebZ', 's5VAORqf77', 'vwbAIleA2E', 'dwvAPPegx4', 'B7YAjG6VRl', 'RtjAqvly19', 'DxxAXUfW8W'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, cyyLulWnJi6R3VWBI5.csHigh entropy of concatenated method names: 'IrdoHbvDVy', 'LhvoDiZyiV', 'yBNvw6YFa9', 'jtBvsSmtUK', 'jGoofpr5W4', 'YMfoikFcYj', 'fcIoFtoX85', 'SNsockpxT6', 'NXZoZCVQtl', 'CLOod0agun'
          Source: 0.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.3f11ec0.1.raw.unpack, YxGmixddeUtRGBcFVS.csHigh entropy of concatenated method names: 'ToString', 'wGgafwTIig', 'ASTanYuLkH', 'ubFaQtYUvh', 'S9qaC0tRjI', 'DARaOP5ew0', 'Fu8aIBoxNe', 'RVkaPYgiiV', 'J6xajLorgD', 'QGbaqr5MRn'

          Hooking and other Techniques for Hiding and Protection

          barindex
          Loading BitLocker PowerShell Module
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe PID: 7296, type: MEMORYSTR
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeMemory allocated: A50000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeMemory allocated: 2440000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeMemory allocated: 4440000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeMemory allocated: 8790000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeMemory allocated: 7130000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeMemory allocated: 9790000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeMemory allocated: A790000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeMemory allocated: B070000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeMemory allocated: C070000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeMemory allocated: D070000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E096E rdtsc 4_2_011E096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5210Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2130Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeAPI coverage: 0.3 %
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe TID: 7316Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7632Thread sleep time: -3689348814741908s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7620Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: Amcache.hve.10.drBinary or memory string: VMware
          Source: Amcache.hve.10.drBinary or memory string: VMware Virtual USB Mouse
          Source: Amcache.hve.10.drBinary or memory string: vmci.syshbin
          Source: Amcache.hve.10.drBinary or memory string: VMware, Inc.
          Source: Amcache.hve.10.drBinary or memory string: VMware20,1hbin@
          Source: Amcache.hve.10.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: Amcache.hve.10.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.10.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.10.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.10.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: Amcache.hve.10.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.10.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, 00000000.00000002.2172802423.0000000006763000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD0
          Source: Amcache.hve.10.drBinary or memory string: vmci.sys
          Source: Amcache.hve.10.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
          Source: Amcache.hve.10.drBinary or memory string: vmci.syshbin`
          Source: Amcache.hve.10.drBinary or memory string: \driver\vmci,\driver\pci
          Source: Amcache.hve.10.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.10.drBinary or memory string: VMware20,1
          Source: Amcache.hve.10.drBinary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.10.drBinary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.10.drBinary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Amcache.hve.10.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: Amcache.hve.10.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.10.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.10.drBinary or memory string: VMware PCI VMCI Bus Device
          Source: Amcache.hve.10.drBinary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.10.drBinary or memory string: VMware Virtual RAM
          Source: Amcache.hve.10.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, 00000000.00000002.2172802423.0000000006763000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_7
          Source: Amcache.hve.10.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E096E rdtsc 4_2_011E096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_011E2DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E10E mov eax, dword ptr fs:[00000030h]4_2_0124E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E10E mov ecx, dword ptr fs:[00000030h]4_2_0124E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E10E mov eax, dword ptr fs:[00000030h]4_2_0124E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E10E mov eax, dword ptr fs:[00000030h]4_2_0124E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E10E mov ecx, dword ptr fs:[00000030h]4_2_0124E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E10E mov eax, dword ptr fs:[00000030h]4_2_0124E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E10E mov eax, dword ptr fs:[00000030h]4_2_0124E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E10E mov ecx, dword ptr fs:[00000030h]4_2_0124E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E10E mov eax, dword ptr fs:[00000030h]4_2_0124E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E10E mov ecx, dword ptr fs:[00000030h]4_2_0124E10E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01260115 mov eax, dword ptr fs:[00000030h]4_2_01260115
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D0124 mov eax, dword ptr fs:[00000030h]4_2_011D0124
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124A118 mov ecx, dword ptr fs:[00000030h]4_2_0124A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124A118 mov eax, dword ptr fs:[00000030h]4_2_0124A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124A118 mov eax, dword ptr fs:[00000030h]4_2_0124A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124A118 mov eax, dword ptr fs:[00000030h]4_2_0124A118
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01274164 mov eax, dword ptr fs:[00000030h]4_2_01274164
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01274164 mov eax, dword ptr fs:[00000030h]4_2_01274164
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A6154 mov eax, dword ptr fs:[00000030h]4_2_011A6154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A6154 mov eax, dword ptr fs:[00000030h]4_2_011A6154
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119C156 mov eax, dword ptr fs:[00000030h]4_2_0119C156
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01234144 mov eax, dword ptr fs:[00000030h]4_2_01234144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01234144 mov eax, dword ptr fs:[00000030h]4_2_01234144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01234144 mov ecx, dword ptr fs:[00000030h]4_2_01234144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01234144 mov eax, dword ptr fs:[00000030h]4_2_01234144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01234144 mov eax, dword ptr fs:[00000030h]4_2_01234144
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01238158 mov eax, dword ptr fs:[00000030h]4_2_01238158
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119A197 mov eax, dword ptr fs:[00000030h]4_2_0119A197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119A197 mov eax, dword ptr fs:[00000030h]4_2_0119A197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119A197 mov eax, dword ptr fs:[00000030h]4_2_0119A197
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E0185 mov eax, dword ptr fs:[00000030h]4_2_011E0185
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01244180 mov eax, dword ptr fs:[00000030h]4_2_01244180
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01244180 mov eax, dword ptr fs:[00000030h]4_2_01244180
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0125C188 mov eax, dword ptr fs:[00000030h]4_2_0125C188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0125C188 mov eax, dword ptr fs:[00000030h]4_2_0125C188
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122019F mov eax, dword ptr fs:[00000030h]4_2_0122019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122019F mov eax, dword ptr fs:[00000030h]4_2_0122019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122019F mov eax, dword ptr fs:[00000030h]4_2_0122019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122019F mov eax, dword ptr fs:[00000030h]4_2_0122019F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012761E5 mov eax, dword ptr fs:[00000030h]4_2_012761E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012661C3 mov eax, dword ptr fs:[00000030h]4_2_012661C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012661C3 mov eax, dword ptr fs:[00000030h]4_2_012661C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D01F8 mov eax, dword ptr fs:[00000030h]4_2_011D01F8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121E1D0 mov eax, dword ptr fs:[00000030h]4_2_0121E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121E1D0 mov eax, dword ptr fs:[00000030h]4_2_0121E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121E1D0 mov ecx, dword ptr fs:[00000030h]4_2_0121E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121E1D0 mov eax, dword ptr fs:[00000030h]4_2_0121E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121E1D0 mov eax, dword ptr fs:[00000030h]4_2_0121E1D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BE016 mov eax, dword ptr fs:[00000030h]4_2_011BE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BE016 mov eax, dword ptr fs:[00000030h]4_2_011BE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BE016 mov eax, dword ptr fs:[00000030h]4_2_011BE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BE016 mov eax, dword ptr fs:[00000030h]4_2_011BE016
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01236030 mov eax, dword ptr fs:[00000030h]4_2_01236030
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01224000 mov ecx, dword ptr fs:[00000030h]4_2_01224000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01242000 mov eax, dword ptr fs:[00000030h]4_2_01242000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01242000 mov eax, dword ptr fs:[00000030h]4_2_01242000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01242000 mov eax, dword ptr fs:[00000030h]4_2_01242000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01242000 mov eax, dword ptr fs:[00000030h]4_2_01242000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01242000 mov eax, dword ptr fs:[00000030h]4_2_01242000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01242000 mov eax, dword ptr fs:[00000030h]4_2_01242000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01242000 mov eax, dword ptr fs:[00000030h]4_2_01242000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01242000 mov eax, dword ptr fs:[00000030h]4_2_01242000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119A020 mov eax, dword ptr fs:[00000030h]4_2_0119A020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119C020 mov eax, dword ptr fs:[00000030h]4_2_0119C020
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A2050 mov eax, dword ptr fs:[00000030h]4_2_011A2050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CC073 mov eax, dword ptr fs:[00000030h]4_2_011CC073
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01226050 mov eax, dword ptr fs:[00000030h]4_2_01226050
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012380A8 mov eax, dword ptr fs:[00000030h]4_2_012380A8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A208A mov eax, dword ptr fs:[00000030h]4_2_011A208A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012660B8 mov eax, dword ptr fs:[00000030h]4_2_012660B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012660B8 mov ecx, dword ptr fs:[00000030h]4_2_012660B8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011980A0 mov eax, dword ptr fs:[00000030h]4_2_011980A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012260E0 mov eax, dword ptr fs:[00000030h]4_2_012260E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119C0F0 mov eax, dword ptr fs:[00000030h]4_2_0119C0F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E20F0 mov ecx, dword ptr fs:[00000030h]4_2_011E20F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A80E9 mov eax, dword ptr fs:[00000030h]4_2_011A80E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119A0E3 mov ecx, dword ptr fs:[00000030h]4_2_0119A0E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012220DE mov eax, dword ptr fs:[00000030h]4_2_012220DE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01278324 mov eax, dword ptr fs:[00000030h]4_2_01278324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01278324 mov ecx, dword ptr fs:[00000030h]4_2_01278324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01278324 mov eax, dword ptr fs:[00000030h]4_2_01278324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01278324 mov eax, dword ptr fs:[00000030h]4_2_01278324
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119C310 mov ecx, dword ptr fs:[00000030h]4_2_0119C310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C0310 mov ecx, dword ptr fs:[00000030h]4_2_011C0310
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DA30B mov eax, dword ptr fs:[00000030h]4_2_011DA30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DA30B mov eax, dword ptr fs:[00000030h]4_2_011DA30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DA30B mov eax, dword ptr fs:[00000030h]4_2_011DA30B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124437C mov eax, dword ptr fs:[00000030h]4_2_0124437C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0127634F mov eax, dword ptr fs:[00000030h]4_2_0127634F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01222349 mov eax, dword ptr fs:[00000030h]4_2_01222349
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126A352 mov eax, dword ptr fs:[00000030h]4_2_0126A352
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01248350 mov ecx, dword ptr fs:[00000030h]4_2_01248350
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122035C mov eax, dword ptr fs:[00000030h]4_2_0122035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122035C mov eax, dword ptr fs:[00000030h]4_2_0122035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122035C mov eax, dword ptr fs:[00000030h]4_2_0122035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122035C mov ecx, dword ptr fs:[00000030h]4_2_0122035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122035C mov eax, dword ptr fs:[00000030h]4_2_0122035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122035C mov eax, dword ptr fs:[00000030h]4_2_0122035C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01198397 mov eax, dword ptr fs:[00000030h]4_2_01198397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01198397 mov eax, dword ptr fs:[00000030h]4_2_01198397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01198397 mov eax, dword ptr fs:[00000030h]4_2_01198397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119E388 mov eax, dword ptr fs:[00000030h]4_2_0119E388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119E388 mov eax, dword ptr fs:[00000030h]4_2_0119E388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119E388 mov eax, dword ptr fs:[00000030h]4_2_0119E388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C438F mov eax, dword ptr fs:[00000030h]4_2_011C438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C438F mov eax, dword ptr fs:[00000030h]4_2_011C438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA3C0 mov eax, dword ptr fs:[00000030h]4_2_011AA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA3C0 mov eax, dword ptr fs:[00000030h]4_2_011AA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA3C0 mov eax, dword ptr fs:[00000030h]4_2_011AA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA3C0 mov eax, dword ptr fs:[00000030h]4_2_011AA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA3C0 mov eax, dword ptr fs:[00000030h]4_2_011AA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA3C0 mov eax, dword ptr fs:[00000030h]4_2_011AA3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A83C0 mov eax, dword ptr fs:[00000030h]4_2_011A83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A83C0 mov eax, dword ptr fs:[00000030h]4_2_011A83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A83C0 mov eax, dword ptr fs:[00000030h]4_2_011A83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A83C0 mov eax, dword ptr fs:[00000030h]4_2_011A83C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D63FF mov eax, dword ptr fs:[00000030h]4_2_011D63FF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012263C0 mov eax, dword ptr fs:[00000030h]4_2_012263C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0125C3CD mov eax, dword ptr fs:[00000030h]4_2_0125C3CD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BE3F0 mov eax, dword ptr fs:[00000030h]4_2_011BE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BE3F0 mov eax, dword ptr fs:[00000030h]4_2_011BE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BE3F0 mov eax, dword ptr fs:[00000030h]4_2_011BE3F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012443D4 mov eax, dword ptr fs:[00000030h]4_2_012443D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012443D4 mov eax, dword ptr fs:[00000030h]4_2_012443D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B03E9 mov eax, dword ptr fs:[00000030h]4_2_011B03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B03E9 mov eax, dword ptr fs:[00000030h]4_2_011B03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B03E9 mov eax, dword ptr fs:[00000030h]4_2_011B03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B03E9 mov eax, dword ptr fs:[00000030h]4_2_011B03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B03E9 mov eax, dword ptr fs:[00000030h]4_2_011B03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B03E9 mov eax, dword ptr fs:[00000030h]4_2_011B03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B03E9 mov eax, dword ptr fs:[00000030h]4_2_011B03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B03E9 mov eax, dword ptr fs:[00000030h]4_2_011B03E9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E3DB mov eax, dword ptr fs:[00000030h]4_2_0124E3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E3DB mov eax, dword ptr fs:[00000030h]4_2_0124E3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E3DB mov ecx, dword ptr fs:[00000030h]4_2_0124E3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124E3DB mov eax, dword ptr fs:[00000030h]4_2_0124E3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119823B mov eax, dword ptr fs:[00000030h]4_2_0119823B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A6259 mov eax, dword ptr fs:[00000030h]4_2_011A6259
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119A250 mov eax, dword ptr fs:[00000030h]4_2_0119A250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250274 mov eax, dword ptr fs:[00000030h]4_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250274 mov eax, dword ptr fs:[00000030h]4_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250274 mov eax, dword ptr fs:[00000030h]4_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250274 mov eax, dword ptr fs:[00000030h]4_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250274 mov eax, dword ptr fs:[00000030h]4_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250274 mov eax, dword ptr fs:[00000030h]4_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250274 mov eax, dword ptr fs:[00000030h]4_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250274 mov eax, dword ptr fs:[00000030h]4_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250274 mov eax, dword ptr fs:[00000030h]4_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250274 mov eax, dword ptr fs:[00000030h]4_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250274 mov eax, dword ptr fs:[00000030h]4_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01250274 mov eax, dword ptr fs:[00000030h]4_2_01250274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01228243 mov eax, dword ptr fs:[00000030h]4_2_01228243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01228243 mov ecx, dword ptr fs:[00000030h]4_2_01228243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119826B mov eax, dword ptr fs:[00000030h]4_2_0119826B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0125A250 mov eax, dword ptr fs:[00000030h]4_2_0125A250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0125A250 mov eax, dword ptr fs:[00000030h]4_2_0125A250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A4260 mov eax, dword ptr fs:[00000030h]4_2_011A4260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A4260 mov eax, dword ptr fs:[00000030h]4_2_011A4260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A4260 mov eax, dword ptr fs:[00000030h]4_2_011A4260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0127625D mov eax, dword ptr fs:[00000030h]4_2_0127625D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012362A0 mov eax, dword ptr fs:[00000030h]4_2_012362A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012362A0 mov ecx, dword ptr fs:[00000030h]4_2_012362A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012362A0 mov eax, dword ptr fs:[00000030h]4_2_012362A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012362A0 mov eax, dword ptr fs:[00000030h]4_2_012362A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012362A0 mov eax, dword ptr fs:[00000030h]4_2_012362A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012362A0 mov eax, dword ptr fs:[00000030h]4_2_012362A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE284 mov eax, dword ptr fs:[00000030h]4_2_011DE284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE284 mov eax, dword ptr fs:[00000030h]4_2_011DE284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01220283 mov eax, dword ptr fs:[00000030h]4_2_01220283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01220283 mov eax, dword ptr fs:[00000030h]4_2_01220283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01220283 mov eax, dword ptr fs:[00000030h]4_2_01220283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B02A0 mov eax, dword ptr fs:[00000030h]4_2_011B02A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B02A0 mov eax, dword ptr fs:[00000030h]4_2_011B02A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA2C3 mov eax, dword ptr fs:[00000030h]4_2_011AA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA2C3 mov eax, dword ptr fs:[00000030h]4_2_011AA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA2C3 mov eax, dword ptr fs:[00000030h]4_2_011AA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA2C3 mov eax, dword ptr fs:[00000030h]4_2_011AA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA2C3 mov eax, dword ptr fs:[00000030h]4_2_011AA2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012762D6 mov eax, dword ptr fs:[00000030h]4_2_012762D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B02E1 mov eax, dword ptr fs:[00000030h]4_2_011B02E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B02E1 mov eax, dword ptr fs:[00000030h]4_2_011B02E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B02E1 mov eax, dword ptr fs:[00000030h]4_2_011B02E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE53E mov eax, dword ptr fs:[00000030h]4_2_011CE53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE53E mov eax, dword ptr fs:[00000030h]4_2_011CE53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE53E mov eax, dword ptr fs:[00000030h]4_2_011CE53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE53E mov eax, dword ptr fs:[00000030h]4_2_011CE53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE53E mov eax, dword ptr fs:[00000030h]4_2_011CE53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01236500 mov eax, dword ptr fs:[00000030h]4_2_01236500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01274500 mov eax, dword ptr fs:[00000030h]4_2_01274500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01274500 mov eax, dword ptr fs:[00000030h]4_2_01274500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01274500 mov eax, dword ptr fs:[00000030h]4_2_01274500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01274500 mov eax, dword ptr fs:[00000030h]4_2_01274500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01274500 mov eax, dword ptr fs:[00000030h]4_2_01274500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01274500 mov eax, dword ptr fs:[00000030h]4_2_01274500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01274500 mov eax, dword ptr fs:[00000030h]4_2_01274500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0535 mov eax, dword ptr fs:[00000030h]4_2_011B0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0535 mov eax, dword ptr fs:[00000030h]4_2_011B0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0535 mov eax, dword ptr fs:[00000030h]4_2_011B0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0535 mov eax, dword ptr fs:[00000030h]4_2_011B0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0535 mov eax, dword ptr fs:[00000030h]4_2_011B0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0535 mov eax, dword ptr fs:[00000030h]4_2_011B0535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A8550 mov eax, dword ptr fs:[00000030h]4_2_011A8550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A8550 mov eax, dword ptr fs:[00000030h]4_2_011A8550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D656A mov eax, dword ptr fs:[00000030h]4_2_011D656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D656A mov eax, dword ptr fs:[00000030h]4_2_011D656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D656A mov eax, dword ptr fs:[00000030h]4_2_011D656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE59C mov eax, dword ptr fs:[00000030h]4_2_011DE59C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012205A7 mov eax, dword ptr fs:[00000030h]4_2_012205A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012205A7 mov eax, dword ptr fs:[00000030h]4_2_012205A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012205A7 mov eax, dword ptr fs:[00000030h]4_2_012205A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D4588 mov eax, dword ptr fs:[00000030h]4_2_011D4588
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A2582 mov eax, dword ptr fs:[00000030h]4_2_011A2582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A2582 mov ecx, dword ptr fs:[00000030h]4_2_011A2582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C45B1 mov eax, dword ptr fs:[00000030h]4_2_011C45B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C45B1 mov eax, dword ptr fs:[00000030h]4_2_011C45B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A65D0 mov eax, dword ptr fs:[00000030h]4_2_011A65D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DA5D0 mov eax, dword ptr fs:[00000030h]4_2_011DA5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DA5D0 mov eax, dword ptr fs:[00000030h]4_2_011DA5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE5CF mov eax, dword ptr fs:[00000030h]4_2_011DE5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE5CF mov eax, dword ptr fs:[00000030h]4_2_011DE5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DC5ED mov eax, dword ptr fs:[00000030h]4_2_011DC5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DC5ED mov eax, dword ptr fs:[00000030h]4_2_011DC5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A25E0 mov eax, dword ptr fs:[00000030h]4_2_011A25E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE5E7 mov eax, dword ptr fs:[00000030h]4_2_011CE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE5E7 mov eax, dword ptr fs:[00000030h]4_2_011CE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE5E7 mov eax, dword ptr fs:[00000030h]4_2_011CE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE5E7 mov eax, dword ptr fs:[00000030h]4_2_011CE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE5E7 mov eax, dword ptr fs:[00000030h]4_2_011CE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE5E7 mov eax, dword ptr fs:[00000030h]4_2_011CE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE5E7 mov eax, dword ptr fs:[00000030h]4_2_011CE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE5E7 mov eax, dword ptr fs:[00000030h]4_2_011CE5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01226420 mov eax, dword ptr fs:[00000030h]4_2_01226420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01226420 mov eax, dword ptr fs:[00000030h]4_2_01226420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01226420 mov eax, dword ptr fs:[00000030h]4_2_01226420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01226420 mov eax, dword ptr fs:[00000030h]4_2_01226420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01226420 mov eax, dword ptr fs:[00000030h]4_2_01226420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01226420 mov eax, dword ptr fs:[00000030h]4_2_01226420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01226420 mov eax, dword ptr fs:[00000030h]4_2_01226420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D8402 mov eax, dword ptr fs:[00000030h]4_2_011D8402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D8402 mov eax, dword ptr fs:[00000030h]4_2_011D8402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D8402 mov eax, dword ptr fs:[00000030h]4_2_011D8402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DA430 mov eax, dword ptr fs:[00000030h]4_2_011DA430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119E420 mov eax, dword ptr fs:[00000030h]4_2_0119E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119E420 mov eax, dword ptr fs:[00000030h]4_2_0119E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119E420 mov eax, dword ptr fs:[00000030h]4_2_0119E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119C427 mov eax, dword ptr fs:[00000030h]4_2_0119C427
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122C460 mov ecx, dword ptr fs:[00000030h]4_2_0122C460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119645D mov eax, dword ptr fs:[00000030h]4_2_0119645D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C245A mov eax, dword ptr fs:[00000030h]4_2_011C245A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE443 mov eax, dword ptr fs:[00000030h]4_2_011DE443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE443 mov eax, dword ptr fs:[00000030h]4_2_011DE443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE443 mov eax, dword ptr fs:[00000030h]4_2_011DE443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE443 mov eax, dword ptr fs:[00000030h]4_2_011DE443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE443 mov eax, dword ptr fs:[00000030h]4_2_011DE443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE443 mov eax, dword ptr fs:[00000030h]4_2_011DE443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE443 mov eax, dword ptr fs:[00000030h]4_2_011DE443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DE443 mov eax, dword ptr fs:[00000030h]4_2_011DE443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CA470 mov eax, dword ptr fs:[00000030h]4_2_011CA470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CA470 mov eax, dword ptr fs:[00000030h]4_2_011CA470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CA470 mov eax, dword ptr fs:[00000030h]4_2_011CA470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0125A456 mov eax, dword ptr fs:[00000030h]4_2_0125A456
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122A4B0 mov eax, dword ptr fs:[00000030h]4_2_0122A4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D44B0 mov ecx, dword ptr fs:[00000030h]4_2_011D44B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A64AB mov eax, dword ptr fs:[00000030h]4_2_011A64AB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0125A49A mov eax, dword ptr fs:[00000030h]4_2_0125A49A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A04E5 mov ecx, dword ptr fs:[00000030h]4_2_011A04E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A0710 mov eax, dword ptr fs:[00000030h]4_2_011A0710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D0710 mov eax, dword ptr fs:[00000030h]4_2_011D0710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121C730 mov eax, dword ptr fs:[00000030h]4_2_0121C730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DC700 mov eax, dword ptr fs:[00000030h]4_2_011DC700
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D273C mov eax, dword ptr fs:[00000030h]4_2_011D273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D273C mov ecx, dword ptr fs:[00000030h]4_2_011D273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D273C mov eax, dword ptr fs:[00000030h]4_2_011D273C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DC720 mov eax, dword ptr fs:[00000030h]4_2_011DC720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DC720 mov eax, dword ptr fs:[00000030h]4_2_011DC720
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A0750 mov eax, dword ptr fs:[00000030h]4_2_011A0750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2750 mov eax, dword ptr fs:[00000030h]4_2_011E2750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2750 mov eax, dword ptr fs:[00000030h]4_2_011E2750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D674D mov esi, dword ptr fs:[00000030h]4_2_011D674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D674D mov eax, dword ptr fs:[00000030h]4_2_011D674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D674D mov eax, dword ptr fs:[00000030h]4_2_011D674D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A8770 mov eax, dword ptr fs:[00000030h]4_2_011A8770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0770 mov eax, dword ptr fs:[00000030h]4_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0770 mov eax, dword ptr fs:[00000030h]4_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0770 mov eax, dword ptr fs:[00000030h]4_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0770 mov eax, dword ptr fs:[00000030h]4_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0770 mov eax, dword ptr fs:[00000030h]4_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0770 mov eax, dword ptr fs:[00000030h]4_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0770 mov eax, dword ptr fs:[00000030h]4_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0770 mov eax, dword ptr fs:[00000030h]4_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0770 mov eax, dword ptr fs:[00000030h]4_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0770 mov eax, dword ptr fs:[00000030h]4_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0770 mov eax, dword ptr fs:[00000030h]4_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0770 mov eax, dword ptr fs:[00000030h]4_2_011B0770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01224755 mov eax, dword ptr fs:[00000030h]4_2_01224755
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122E75D mov eax, dword ptr fs:[00000030h]4_2_0122E75D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012547A0 mov eax, dword ptr fs:[00000030h]4_2_012547A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124678E mov eax, dword ptr fs:[00000030h]4_2_0124678E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A07AF mov eax, dword ptr fs:[00000030h]4_2_011A07AF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122E7E1 mov eax, dword ptr fs:[00000030h]4_2_0122E7E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AC7C0 mov eax, dword ptr fs:[00000030h]4_2_011AC7C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A47FB mov eax, dword ptr fs:[00000030h]4_2_011A47FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A47FB mov eax, dword ptr fs:[00000030h]4_2_011A47FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012207C3 mov eax, dword ptr fs:[00000030h]4_2_012207C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C27ED mov eax, dword ptr fs:[00000030h]4_2_011C27ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C27ED mov eax, dword ptr fs:[00000030h]4_2_011C27ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C27ED mov eax, dword ptr fs:[00000030h]4_2_011C27ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E2619 mov eax, dword ptr fs:[00000030h]4_2_011E2619
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B260B mov eax, dword ptr fs:[00000030h]4_2_011B260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B260B mov eax, dword ptr fs:[00000030h]4_2_011B260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B260B mov eax, dword ptr fs:[00000030h]4_2_011B260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B260B mov eax, dword ptr fs:[00000030h]4_2_011B260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B260B mov eax, dword ptr fs:[00000030h]4_2_011B260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B260B mov eax, dword ptr fs:[00000030h]4_2_011B260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B260B mov eax, dword ptr fs:[00000030h]4_2_011B260B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121E609 mov eax, dword ptr fs:[00000030h]4_2_0121E609
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A262C mov eax, dword ptr fs:[00000030h]4_2_011A262C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BE627 mov eax, dword ptr fs:[00000030h]4_2_011BE627
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D6620 mov eax, dword ptr fs:[00000030h]4_2_011D6620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D8620 mov eax, dword ptr fs:[00000030h]4_2_011D8620
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126866E mov eax, dword ptr fs:[00000030h]4_2_0126866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126866E mov eax, dword ptr fs:[00000030h]4_2_0126866E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011BC640 mov eax, dword ptr fs:[00000030h]4_2_011BC640
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D2674 mov eax, dword ptr fs:[00000030h]4_2_011D2674
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DA660 mov eax, dword ptr fs:[00000030h]4_2_011DA660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DA660 mov eax, dword ptr fs:[00000030h]4_2_011DA660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A4690 mov eax, dword ptr fs:[00000030h]4_2_011A4690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A4690 mov eax, dword ptr fs:[00000030h]4_2_011A4690
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D66B0 mov eax, dword ptr fs:[00000030h]4_2_011D66B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DC6A6 mov eax, dword ptr fs:[00000030h]4_2_011DC6A6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121E6F2 mov eax, dword ptr fs:[00000030h]4_2_0121E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121E6F2 mov eax, dword ptr fs:[00000030h]4_2_0121E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121E6F2 mov eax, dword ptr fs:[00000030h]4_2_0121E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121E6F2 mov eax, dword ptr fs:[00000030h]4_2_0121E6F2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012206F1 mov eax, dword ptr fs:[00000030h]4_2_012206F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012206F1 mov eax, dword ptr fs:[00000030h]4_2_012206F1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DA6C7 mov ebx, dword ptr fs:[00000030h]4_2_011DA6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DA6C7 mov eax, dword ptr fs:[00000030h]4_2_011DA6C7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01198918 mov eax, dword ptr fs:[00000030h]4_2_01198918
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01198918 mov eax, dword ptr fs:[00000030h]4_2_01198918
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122892A mov eax, dword ptr fs:[00000030h]4_2_0122892A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0123892B mov eax, dword ptr fs:[00000030h]4_2_0123892B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121E908 mov eax, dword ptr fs:[00000030h]4_2_0121E908
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121E908 mov eax, dword ptr fs:[00000030h]4_2_0121E908
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122C912 mov eax, dword ptr fs:[00000030h]4_2_0122C912
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01244978 mov eax, dword ptr fs:[00000030h]4_2_01244978
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01244978 mov eax, dword ptr fs:[00000030h]4_2_01244978
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122C97C mov eax, dword ptr fs:[00000030h]4_2_0122C97C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01220946 mov eax, dword ptr fs:[00000030h]4_2_01220946
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01274940 mov eax, dword ptr fs:[00000030h]4_2_01274940
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E096E mov eax, dword ptr fs:[00000030h]4_2_011E096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E096E mov edx, dword ptr fs:[00000030h]4_2_011E096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011E096E mov eax, dword ptr fs:[00000030h]4_2_011E096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C6962 mov eax, dword ptr fs:[00000030h]4_2_011C6962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C6962 mov eax, dword ptr fs:[00000030h]4_2_011C6962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C6962 mov eax, dword ptr fs:[00000030h]4_2_011C6962
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012289B3 mov esi, dword ptr fs:[00000030h]4_2_012289B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012289B3 mov eax, dword ptr fs:[00000030h]4_2_012289B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012289B3 mov eax, dword ptr fs:[00000030h]4_2_012289B3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A09AD mov eax, dword ptr fs:[00000030h]4_2_011A09AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A09AD mov eax, dword ptr fs:[00000030h]4_2_011A09AD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B29A0 mov eax, dword ptr fs:[00000030h]4_2_011B29A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122E9E0 mov eax, dword ptr fs:[00000030h]4_2_0122E9E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA9D0 mov eax, dword ptr fs:[00000030h]4_2_011AA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA9D0 mov eax, dword ptr fs:[00000030h]4_2_011AA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA9D0 mov eax, dword ptr fs:[00000030h]4_2_011AA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA9D0 mov eax, dword ptr fs:[00000030h]4_2_011AA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA9D0 mov eax, dword ptr fs:[00000030h]4_2_011AA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AA9D0 mov eax, dword ptr fs:[00000030h]4_2_011AA9D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D49D0 mov eax, dword ptr fs:[00000030h]4_2_011D49D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012369C0 mov eax, dword ptr fs:[00000030h]4_2_012369C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D29F9 mov eax, dword ptr fs:[00000030h]4_2_011D29F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D29F9 mov eax, dword ptr fs:[00000030h]4_2_011D29F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126A9D3 mov eax, dword ptr fs:[00000030h]4_2_0126A9D3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124483A mov eax, dword ptr fs:[00000030h]4_2_0124483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124483A mov eax, dword ptr fs:[00000030h]4_2_0124483A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C2835 mov eax, dword ptr fs:[00000030h]4_2_011C2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C2835 mov eax, dword ptr fs:[00000030h]4_2_011C2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C2835 mov eax, dword ptr fs:[00000030h]4_2_011C2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C2835 mov ecx, dword ptr fs:[00000030h]4_2_011C2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C2835 mov eax, dword ptr fs:[00000030h]4_2_011C2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C2835 mov eax, dword ptr fs:[00000030h]4_2_011C2835
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DA830 mov eax, dword ptr fs:[00000030h]4_2_011DA830
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122C810 mov eax, dword ptr fs:[00000030h]4_2_0122C810
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A4859 mov eax, dword ptr fs:[00000030h]4_2_011A4859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A4859 mov eax, dword ptr fs:[00000030h]4_2_011A4859
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D0854 mov eax, dword ptr fs:[00000030h]4_2_011D0854
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122E872 mov eax, dword ptr fs:[00000030h]4_2_0122E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122E872 mov eax, dword ptr fs:[00000030h]4_2_0122E872
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01236870 mov eax, dword ptr fs:[00000030h]4_2_01236870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01236870 mov eax, dword ptr fs:[00000030h]4_2_01236870
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B2840 mov ecx, dword ptr fs:[00000030h]4_2_011B2840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A0887 mov eax, dword ptr fs:[00000030h]4_2_011A0887
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122C89D mov eax, dword ptr fs:[00000030h]4_2_0122C89D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126A8E4 mov eax, dword ptr fs:[00000030h]4_2_0126A8E4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CE8C0 mov eax, dword ptr fs:[00000030h]4_2_011CE8C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DC8F9 mov eax, dword ptr fs:[00000030h]4_2_011DC8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DC8F9 mov eax, dword ptr fs:[00000030h]4_2_011DC8F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_012708C0 mov eax, dword ptr fs:[00000030h]4_2_012708C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01268B28 mov eax, dword ptr fs:[00000030h]4_2_01268B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01268B28 mov eax, dword ptr fs:[00000030h]4_2_01268B28
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01274B00 mov eax, dword ptr fs:[00000030h]4_2_01274B00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121EB1D mov eax, dword ptr fs:[00000030h]4_2_0121EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121EB1D mov eax, dword ptr fs:[00000030h]4_2_0121EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121EB1D mov eax, dword ptr fs:[00000030h]4_2_0121EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121EB1D mov eax, dword ptr fs:[00000030h]4_2_0121EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121EB1D mov eax, dword ptr fs:[00000030h]4_2_0121EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121EB1D mov eax, dword ptr fs:[00000030h]4_2_0121EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121EB1D mov eax, dword ptr fs:[00000030h]4_2_0121EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121EB1D mov eax, dword ptr fs:[00000030h]4_2_0121EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121EB1D mov eax, dword ptr fs:[00000030h]4_2_0121EB1D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CEB20 mov eax, dword ptr fs:[00000030h]4_2_011CEB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CEB20 mov eax, dword ptr fs:[00000030h]4_2_011CEB20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01198B50 mov eax, dword ptr fs:[00000030h]4_2_01198B50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01236B40 mov eax, dword ptr fs:[00000030h]4_2_01236B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01236B40 mov eax, dword ptr fs:[00000030h]4_2_01236B40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0126AB40 mov eax, dword ptr fs:[00000030h]4_2_0126AB40
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01248B42 mov eax, dword ptr fs:[00000030h]4_2_01248B42
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0119CB7E mov eax, dword ptr fs:[00000030h]4_2_0119CB7E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01254B4B mov eax, dword ptr fs:[00000030h]4_2_01254B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01254B4B mov eax, dword ptr fs:[00000030h]4_2_01254B4B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01272B57 mov eax, dword ptr fs:[00000030h]4_2_01272B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01272B57 mov eax, dword ptr fs:[00000030h]4_2_01272B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01272B57 mov eax, dword ptr fs:[00000030h]4_2_01272B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01272B57 mov eax, dword ptr fs:[00000030h]4_2_01272B57
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124EB50 mov eax, dword ptr fs:[00000030h]4_2_0124EB50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01254BB0 mov eax, dword ptr fs:[00000030h]4_2_01254BB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01254BB0 mov eax, dword ptr fs:[00000030h]4_2_01254BB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0BBE mov eax, dword ptr fs:[00000030h]4_2_011B0BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0BBE mov eax, dword ptr fs:[00000030h]4_2_011B0BBE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122CBF0 mov eax, dword ptr fs:[00000030h]4_2_0122CBF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C0BCB mov eax, dword ptr fs:[00000030h]4_2_011C0BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C0BCB mov eax, dword ptr fs:[00000030h]4_2_011C0BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C0BCB mov eax, dword ptr fs:[00000030h]4_2_011C0BCB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A0BCD mov eax, dword ptr fs:[00000030h]4_2_011A0BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A0BCD mov eax, dword ptr fs:[00000030h]4_2_011A0BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A0BCD mov eax, dword ptr fs:[00000030h]4_2_011A0BCD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CEBFC mov eax, dword ptr fs:[00000030h]4_2_011CEBFC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A8BF0 mov eax, dword ptr fs:[00000030h]4_2_011A8BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A8BF0 mov eax, dword ptr fs:[00000030h]4_2_011A8BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A8BF0 mov eax, dword ptr fs:[00000030h]4_2_011A8BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124EBD0 mov eax, dword ptr fs:[00000030h]4_2_0124EBD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DCA38 mov eax, dword ptr fs:[00000030h]4_2_011DCA38
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C4A35 mov eax, dword ptr fs:[00000030h]4_2_011C4A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011C4A35 mov eax, dword ptr fs:[00000030h]4_2_011C4A35
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011CEA2E mov eax, dword ptr fs:[00000030h]4_2_011CEA2E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0122CA11 mov eax, dword ptr fs:[00000030h]4_2_0122CA11
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DCA24 mov eax, dword ptr fs:[00000030h]4_2_011DCA24
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0A5B mov eax, dword ptr fs:[00000030h]4_2_011B0A5B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011B0A5B mov eax, dword ptr fs:[00000030h]4_2_011B0A5B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0124EA60 mov eax, dword ptr fs:[00000030h]4_2_0124EA60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A6A50 mov eax, dword ptr fs:[00000030h]4_2_011A6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A6A50 mov eax, dword ptr fs:[00000030h]4_2_011A6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A6A50 mov eax, dword ptr fs:[00000030h]4_2_011A6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A6A50 mov eax, dword ptr fs:[00000030h]4_2_011A6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A6A50 mov eax, dword ptr fs:[00000030h]4_2_011A6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A6A50 mov eax, dword ptr fs:[00000030h]4_2_011A6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011A6A50 mov eax, dword ptr fs:[00000030h]4_2_011A6A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121CA72 mov eax, dword ptr fs:[00000030h]4_2_0121CA72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_0121CA72 mov eax, dword ptr fs:[00000030h]4_2_0121CA72
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DCA6F mov eax, dword ptr fs:[00000030h]4_2_011DCA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DCA6F mov eax, dword ptr fs:[00000030h]4_2_011DCA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011DCA6F mov eax, dword ptr fs:[00000030h]4_2_011DCA6F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011D8A90 mov edx, dword ptr fs:[00000030h]4_2_011D8A90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AEA80 mov eax, dword ptr fs:[00000030h]4_2_011AEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AEA80 mov eax, dword ptr fs:[00000030h]4_2_011AEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AEA80 mov eax, dword ptr fs:[00000030h]4_2_011AEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AEA80 mov eax, dword ptr fs:[00000030h]4_2_011AEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AEA80 mov eax, dword ptr fs:[00000030h]4_2_011AEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AEA80 mov eax, dword ptr fs:[00000030h]4_2_011AEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AEA80 mov eax, dword ptr fs:[00000030h]4_2_011AEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AEA80 mov eax, dword ptr fs:[00000030h]4_2_011AEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_011AEA80 mov eax, dword ptr fs:[00000030h]4_2_011AEA80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeCode function: 4_2_01274A80 mov eax, dword ptr fs:[00000030h]4_2_01274A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Adds a directory exclusion to Windows Defender
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"Jump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeMemory written: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: Amcache.hve.10.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.10.drBinary or memory string: msmpeng.exe
          Source: Amcache.hve.10.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.10.drBinary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
          DLL Side-Loading          		111
          Process Injection          		1
          Masquerading          		OS Credential Dumping31
          Security Software Discovery          		Remote Services1
          Archive Collected Data          		1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
          DLL Side-Loading          		11
          Disable or Modify Tools          		LSASS Memory1
          Process Discovery          		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
          Virtualization/Sandbox Evasion          		Security Account Manager41
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          File and Directory Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
          Obfuscated Files or Information          		Cached Domain Credentials12
          System Information Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
          Software Packing          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          DLL Side-Loading          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 1544699 Sample: SecuriteInfo.com.Trojan.Pac... Startdate: 29/10/2024 Architecture: WINDOWS Score: 100 24 Malicious sample detected (through community Yara rule) 2->24 26 Multi AV Scanner detection for submitted file 2->26 28 Yara detected FormBook 2->28 30 5 other signatures 2->30 7 SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe 4 2->7         started        process3 file4 22 SecuriteInfo.com.T...5.6094.2443.exe.log, ASCII 7->22 dropped 32 Adds a directory exclusion to Windows Defender 7->32 34 Injects a PE file into a foreign processes 7->34 11 powershell.exe 23 7->11         started        14 SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe 7->14         started        signatures5 process6 signatures7 36 Loading BitLocker PowerShell Module 11->36 16 WmiPrvSE.exe 11->16         started        18 conhost.exe 11->18         started        20 WerFault.exe 23 16 14->20         started        process8

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe42%ReversingLabsByteCode-MSIL.Trojan.Zilla
          SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://upx.sf.net0%URL Reputationsafe
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          bg.microsoft.map.fastly.net
          		199.232.214.172
          		truefalse
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://upx.sf.netAmcache.hve.10.drfalse
            • URL Reputation: safe
            		unknown
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe, 00000000.00000002.2155081651.00000000026C4000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown

            World Map of Contacted IPs

            No contacted IP infos

            General Information

            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1544699
            Start date and time:2024-10-29 16:33:16 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 6m 50s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:12
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
            Detection:MAL
            Classification:mal100.troj.evad.winEXE@8/11@0/0
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 99%
            • Number of executed functions: 152
            • Number of non-executed functions: 244
            Cookbook Comments:
            • Found application associated with file extension: .exe

            Warnings

            • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 20.189.173.22
            • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, blobcollector.events.data.trafficmanager.net, crl3.digicert.com, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net
            • Not all processes where analyzed, report is missing behavior information
            • Report size getting too big, too many NtCreateKey calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • VT rate limit hit for: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe

            Simulations

            Behavior and APIs

            TimeTypeDescription
            11:34:14API Interceptor2x Sleep call for process: SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe modified
            11:34:17API Interceptor12x Sleep call for process: powershell.exe modified
            11:34:34API Interceptor1x Sleep call for process: WerFault.exe modified

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            bg.microsoft.map.fastly.netOakville_Service_Update_d76b33a1-3420-40be-babd-e82e253ad25c.pdfGet hashmaliciousHTMLPhisherBrowse
            • 199.232.214.172
            CARDFACTORYAccess Program, Tuesday, October 29, 2024.emlGet hashmaliciousHTMLPhisherBrowse
            • 199.232.214.172
            https://www.google.mx/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=sf_rand_string_mixed(5)FgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Biw.%C2%ADgc%C2%ADrvn%C2%ADm0.%C2%ADza%C2%AD.c%E2%80%8Bo%C2%ADm%2Ffylee%2Fimages%2Fsf_rand_string_mixed(24)/roger.christenson@steptoe-johnson.comGet hashmaliciousUnknownBrowse
            • 199.232.210.172
            Jonathangodber October 2024.pdfGet hashmaliciousTycoon2FABrowse
            • 199.232.214.172
            http://dataleakypypu7uwblm5kttv726l3iripago6p336xjnbstkjwrlnlid.onion/Get hashmaliciousUnknownBrowse
            • 199.232.210.172
            file.exeGet hashmaliciousStealcBrowse
            • 199.232.214.172
            Jo Smalley shared _Harbour Healthcare Ltd Project_ with you..emlGet hashmaliciousHTMLPhisherBrowse
            • 199.232.214.172
            Jo Smalley shared _Harbour Healthcare Ltd Project_ with you..emlGet hashmaliciousHTMLPhisherBrowse
            • 199.232.214.172
            https://www.google.mx/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=sf_rand_string_mixed(5)FgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Biw.%C2%ADgc%C2%ADrvn%C2%ADm0.%C2%ADza%C2%AD.c%E2%80%8Bo%C2%ADm%2Ffylee%2Fimages%2Fsf_rand_string_mixed(24)/toto@dgtresor.gouv.frGet hashmaliciousUnknownBrowse
            • 199.232.210.172
            Kvidistante.vbsGet hashmaliciousGuLoaderBrowse
            • 199.232.210.172

            ASNs

            No context

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_2629692fb444ff323da5747cc7838fca5f03cc_69b6eaaf_091d48ae-1c20-48f9-af73-92210d077bff\Report.wer

            Download File
            Process:C:\Windows\SysWOW64\WerFault.exe
            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:dropped
            Size (bytes):65536
            Entropy (8bit):0.672391998196115
            Encrypted:false
            SSDEEP:192:NQ7qCd0e7xEWC0BU/wr7jlzuiFJZ24IO8k1:GOklxvBU/gjlzuiFJY4IO80
            MD5:4D96F68F94FF3D92E6CC3E99D06BAF16
            SHA1:71CEA2F278C7B9971F39FF70856E64F6CC458AA5
            SHA-256:0C5F39559B647C2087909DEECF2F6F8FE2036F3BAB0467ECB83E9AF80925FEA3
            SHA-512:84470D36E9B43D33BD369B0B5940AF3453DF3818DCD66083EA785B8F1CA3E9DABFD2B758885CFE032CD8C2C5286DDAF9C39FE534A5245A3E3C3E85DC997EDE0E
            Malicious:false
            Reputation:low
            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.4.6.8.9.6.7.1.0.7.0.7.8.6.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.4.6.8.9.6.7.1.6.1.7.6.6.6.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.9.1.d.4.8.a.e.-.1.c.2.0.-.4.8.f.9.-.a.f.7.3.-.9.2.2.1.0.d.0.7.7.b.f.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.8.1.9.3.9.7.2.-.8.e.d.f.-.4.4.f.f.-.8.3.7.a.-.c.8.d.2.3.6.9.8.0.a.3.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...T.r.o.j.a.n...P.a.c.k.e.d.N.E.T...3.0.9.5...6.0.9.4...2.4.4.3...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.r.y.F.h...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.4.0.-.0.0.0.1.-.0.0.1.4.-.e.3.a.b.-.0.3.0.3.1.8.2.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.d.1.3.5.f.e.c.c.d.3.f.7.0.d.9.d.b.0.a.5.c.8.a.0.a.a.9.f.8.7.b.0.0.0.0.0.0.0.0.!.0.0.0.0.d.

            C:\ProgramData\Microsoft\Windows\WER\Temp\WERA3E4.tmp.dmp

            Download File
            Process:C:\Windows\SysWOW64\WerFault.exe
            File Type:Mini DuMP crash report, 14 streams, Tue Oct 29 15:34:31 2024, 0x1205a4 type
            Category:dropped
            Size (bytes):24618
            Entropy (8bit):1.7830531296905257
            Encrypted:false
            SSDEEP:96:5Y8PvRnXkZN50fN9DmmZi7AmyfaXrDO7r4rDqcJHewIyESBWIkWIxzIxP2L:RP1o83ZOd1XiUPqYZE8P
            MD5:B42624541FFAAB778AE79355AB9263AD
            SHA1:1CA88A273E08545508C42FC7EA228E5948CEFBC2
            SHA-256:C78D20D26A9B83189EA4DB5CCA4E49CAC277C4F9D30238C99BC717E12703ADB9
            SHA-512:93F7CBB3B2A80BE61D517B42481AB0858C09FF668A3032650414D813C31639E4CCA6DA94B56441F8416DB00890A933E1D3A92C148ED01EC108971054A6013CD4
            Malicious:false
            Reputation:low
            Preview:MDMP..a..... .........!g............4...............<.......T...<...........T.......8...........T...........0....W......................................................................................................eJ......L.......GenuineIntel............T.......@...w.!g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\ProgramData\Microsoft\Windows\WER\Temp\WERA433.tmp.WERInternalMetadata.xml

            Download File
            Process:C:\Windows\SysWOW64\WerFault.exe
            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:dropped
            Size (bytes):6516
            Entropy (8bit):3.724506090626257
            Encrypted:false
            SSDEEP:192:R6l7wVeJ+Wu6Z7Ym9c5yrprT89bFksfL7q63m:R6lXJI6Z7YKIyiFXfLOj
            MD5:20F6E2D001113FA4CCBEA1FBAF05E0ED
            SHA1:F210A628E002522D882CB4FE3D429E274AABE06C
            SHA-256:436F3606731D1DAEB978186F6A434DB43BE4056B95B8C146DE4EF0F6D349C895
            SHA-512:FC6A10EAEAD45AB6B2A2FA920D3ECCF1453ECF06813523B7B83CBEB1D8441D4DCFDC75A613BCB27ECFE69C8B58BD7082B39A0B3244323FE9441FA41B44D2831D
            Malicious:false
            Reputation:low
            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.4.8.8.<./.P.i.

            C:\ProgramData\Microsoft\Windows\WER\Temp\WERA4B1.tmp.xml

            Download File
            Process:C:\Windows\SysWOW64\WerFault.exe
            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):4904
            Entropy (8bit):4.577965629875513
            Encrypted:false
            SSDEEP:48:cvIwWl8zsrJg77aI9Hk3WpW8VYyYm8M4JvUtcFaD+q8lK3S41Lqijd:uIjfFI7+G7VuJkDK41Lqijd
            MD5:2A7CA2638497547664F45F60377853D8
            SHA1:8575A67A3B3890620C506B10CC2214C9A6DCC48E
            SHA-256:AD8E9A0E5DC2349DB0862A87A64D2C2AEEDD1FC852F4612849E30EFAC6DF07C5
            SHA-512:6437EE17CD7A632EF26A3A768DE1A660BEB79CEAC21FEF302C70648F5DFA258A32BECBC2FFD69B6914B96630591F29E2CC9A91DBEBBC2598D56BF384744B56E9
            Malicious:false
            Reputation:low
            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="564877" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.log

            Download File
            Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1216
            Entropy (8bit):5.34331486778365
            Encrypted:false
            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
            MD5:1330C80CAAC9A0FB172F202485E9B1E8
            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
            Malicious:true
            Reputation:high, very likely benign file
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

            Download File
            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File Type:data
            Category:dropped
            Size (bytes):2232
            Entropy (8bit):5.379736180876081
            Encrypted:false
            SSDEEP:48:tWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMugeC/ZPUyus:tLHyIFKL3IZ2KRH9Oug8s
            MD5:AE33CC731D64A142DFCC6A541D0708FC
            SHA1:31B0ECD28CA8892C3EF4B42D1CB1F56BECD14BEA
            SHA-256:776FC4031835093845318CEABF43AB13C51EC6CA69B985C45049EAE2EB6AF623
            SHA-512:5282E64561D28CB77C92089BEAF27D83EC55B2A673BEF6EAB4DFC49BE61A0F6653E73F07A45AFBF93C407546D04BB50D9690CCBF553227A4E6CFE4F98389C211
            Malicious:false
            Preview:@...e.................................,..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3yvixdhm.kad.psm1

            Download File
            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):60
            Entropy (8bit):4.038920595031593
            Encrypted:false
            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
            MD5:D17FE0A3F47BE24A6453E9EF58C94641
            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
            Malicious:false
            Preview:# PowerShell test file to determine AppLocker lockdown mode

            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_exfxrjgb.vdo.ps1

            Download File
            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):60
            Entropy (8bit):4.038920595031593
            Encrypted:false
            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
            MD5:D17FE0A3F47BE24A6453E9EF58C94641
            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
            Malicious:false
            Preview:# PowerShell test file to determine AppLocker lockdown mode

            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kdo5bcnf.dck.ps1

            Download File
            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):60
            Entropy (8bit):4.038920595031593
            Encrypted:false
            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
            MD5:D17FE0A3F47BE24A6453E9EF58C94641
            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
            Malicious:false
            Preview:# PowerShell test file to determine AppLocker lockdown mode

            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ngiebfdp.uf5.psm1

            Download File
            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):60
            Entropy (8bit):4.038920595031593
            Encrypted:false
            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
            MD5:D17FE0A3F47BE24A6453E9EF58C94641
            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
            Malicious:false
            Preview:# PowerShell test file to determine AppLocker lockdown mode

            C:\Windows\appcompat\Programs\Amcache.hve

            Download File
            Process:C:\Windows\SysWOW64\WerFault.exe
            File Type:MS Windows registry file, NT/2000 or above
            Category:dropped
            Size (bytes):1835008
            Entropy (8bit):4.4218968493026125
            Encrypted:false
            SSDEEP:6144:/Svfpi6ceLP/9skLmb0OT5WSPHaJG8nAgeMZMMhA2fX4WABlEnNw0uhiTw:KvloT5W+EZMM6DFy203w
            MD5:445D2F9F0E4247F3C6F59494E4E161FE
            SHA1:786047BD176AF9CBFC742FB04B9221E28266C815
            SHA-256:25459D487D9844CAFF67E57B9E964623B0DE7775302CD0A9CD46336B4435FFD1
            SHA-512:C6BC72B57B1EF371391844AD1E1D59C03589475AA49B1554808059BC199D31D497A04FCB811210F0E53039ABD99F1964CDDBEF15A181D5AC9552EFC59CA19DF7
            Malicious:false
            Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmB.:..*...............................................................................................................................................................................................................................................................................................................................................4-8........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.729246959190184
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            • Win32 Executable (generic) a (10002005/4) 49.78%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Win16/32 Executable Delphi generic (2074/23) 0.01%
            • Generic Win/DOS Executable (2004/3) 0.01%
            File name:SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
            File size:772'096 bytes
            MD5:9b8a71b09ca89696e15256d79a7b5d09
            SHA1:dfaaf3c9526984ba92ce288e2e39914f4eb059aa
            SHA256:cc97cd2834a545c6f4e89aea88a758f9fd880586f55d21dda5c8dd2017ed689b
            SHA512:8d62077dd90f39bee4cb263604963e29967f558a49a1255153279352cb5ec3f66d0450f3f9f6dc48f530fb0f79a49e727a3d11e7d781acb8798f2b79072ba32b
            SSDEEP:12288:x51Din4v33ye0Ub5CeyiN/+d33jPQVLj4/c9tKiVJj36HG2cK1APfcDOLru:xXiC3ydUkxt0acb9KHG2cbW
            TLSH:8AF4D0D03B36731ADE696A75C629DDB992B11A78B004BDF25ADC3B4331CD211AE0CF46
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...cf g..............0.................. ........@.. ....................... ............@................................

            File Icon

            Icon Hash:4d162aaa22324d30

            Static PE Info

            General

            Entrypoint:0x4bce0a
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x67206663 [Tue Oct 29 04:36:51 2024 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

            Entrypoint Preview

            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al
            add byte ptr [eax], al

            Data Directories

            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0xbcdb80x4f.text
            IMAGE_DIRECTORY_ENTRY_RESOURCE0xbe0000xc20.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC0xc00000xc.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

            Sections

            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x20000xbae100xbb000d999982b77fe8dea8ae0e8c600554337False0.8902228860294118data7.742217988561948IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rsrc0xbe0000xc200x1000e8c53d2122c3a06e2cbaa1728d582c0cFalse0.384765625data5.076232689626655IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc0xc00000xc0x400a0e80d38242432890d47696f114d0b82False0.025390625data0.05390218305374581IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

            Resources

            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_ICON0xbe0c80x823PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.5583293326932309
            RT_GROUP_ICON0xbe8fc0x14data1.05
            RT_VERSION0xbe9200x2fcdata0.4397905759162304

            Imports

            DLLImport
            mscoree.dll_CorExeMain

            Network Behavior

            DNS Answers

            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
            Oct 29, 2024 16:34:12.523443937 CET1.1.1.1192.168.2.50xa050No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
            Oct 29, 2024 16:34:12.523443937 CET1.1.1.1192.168.2.50xa050No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:11:34:14
            Start date:29/10/2024
            Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"
            Imagebase:0x30000
            File size:772'096 bytes
            MD5 hash:9B8A71B09CA89696E15256D79A7B5D09
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            General

            Target ID:3
            Start time:11:34:15
            Start date:29/10/2024
            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            Wow64 process (32bit):true
            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"
            Imagebase:0x1c0000
            File size:433'152 bytes
            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:4
            Start time:11:34:15
            Start date:29/10/2024
            Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"
            Imagebase:0x630000
            File size:772'096 bytes
            MD5 hash:9B8A71B09CA89696E15256D79A7B5D09
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
            Reputation:low
            Has exited:true

            General

            Target ID:5
            Start time:11:34:15
            Start date:29/10/2024
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff6d64d0000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:6
            Start time:11:34:18
            Start date:29/10/2024
            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Imagebase:0x7ff6ef0c0000
            File size:496'640 bytes
            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
            Has elevated privileges:true
            Has administrator privileges:false
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:10
            Start time:11:34:30
            Start date:29/10/2024
            Path:C:\Windows\SysWOW64\WerFault.exe
            Wow64 process (32bit):true
            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 196
            Imagebase:0xe50000
            File size:483'680 bytes
            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Disassembly

            Reset < >

              Execution Graph

              Execution Coverage:13.3%
              Dynamic/Decrypted Code Coverage:100%
              Signature Coverage:1.7%
              Total number of Nodes:344
              Total number of Limit Nodes:24
              execution_graph 50621 670e6f0 50622 670e72a 50621->50622 50623 670e7a6 50622->50623 50624 670e7bb 50622->50624 50629 670e100 50623->50629 50626 670e100 3 API calls 50624->50626 50628 670e7ca 50626->50628 50630 670e10b 50629->50630 50631 670e7b1 50630->50631 50634 670f110 50630->50634 50640 670f100 50630->50640 50646 670e130 50634->50646 50637 670f137 50637->50631 50638 670f160 CreateIconFromResourceEx 50639 670f1de 50638->50639 50639->50631 50641 670f12a 50640->50641 50642 670e130 CreateIconFromResourceEx 50640->50642 50643 670f137 50641->50643 50644 670f160 CreateIconFromResourceEx 50641->50644 50642->50641 50643->50631 50645 670f1de 50644->50645 50645->50631 50647 670f160 CreateIconFromResourceEx 50646->50647 50648 670f12a 50647->50648 50648->50637 50648->50638 50671 6a14c00 50672 6a14c0c 50671->50672 50673 6a14c1d 50672->50673 50675 6a17a50 50672->50675 50676 6a17a7c 50675->50676 50681 6a18a20 50676->50681 50687 6a18998 50676->50687 50692 6a18987 50676->50692 50677 6a17b26 50677->50673 50682 6a189b8 50681->50682 50684 6a18a23 50681->50684 50698 6a189c8 50682->50698 50706 6a18a5a 50682->50706 50683 6a189be 50683->50677 50684->50677 50688 6a189aa 50687->50688 50690 6a189c8 NtQueryInformationProcess 50688->50690 50691 6a18a5a NtQueryInformationProcess 50688->50691 50689 6a189be 50689->50677 50690->50689 50691->50689 50693 6a18920 50692->50693 50694 6a1898b 50692->50694 50693->50677 50696 6a189c8 NtQueryInformationProcess 50694->50696 50697 6a18a5a NtQueryInformationProcess 50694->50697 50695 6a189be 50695->50677 50696->50695 50697->50695 50699 6a189d2 50698->50699 50700 6a18a4e 50698->50700 50701 6a18a09 50699->50701 50702 6a18a5a NtQueryInformationProcess 50699->50702 50700->50683 50704 6a18a15 50701->50704 50714 6a18aa8 50701->50714 50718 6a18a9a 50701->50718 50702->50701 50704->50683 50707 6a189f8 50706->50707 50709 6a18a63 50706->50709 50708 6a18a09 50707->50708 50713 6a18a5a NtQueryInformationProcess 50707->50713 50710 6a18a15 50708->50710 50711 6a18aa8 NtQueryInformationProcess 50708->50711 50712 6a18a9a NtQueryInformationProcess 50708->50712 50709->50683 50710->50683 50711->50710 50712->50710 50713->50708 50715 6a18acc 50714->50715 50723 6a13b8c 50715->50723 50719 6a18a34 50718->50719 50720 6a18a9f 50718->50720 50719->50704 50721 6a13b8c NtQueryInformationProcess 50720->50721 50722 6a18b53 50721->50722 50722->50704 50724 6a18c08 NtQueryInformationProcess 50723->50724 50726 6a18b53 50724->50726 50726->50704 50737 6709831 50741 6709860 50737->50741 50748 6709850 50737->50748 50738 6709846 50742 6709884 50741->50742 50743 670988b 50741->50743 50742->50738 50747 67098b2 50743->50747 50755 670854c 50743->50755 50746 670854c GetCurrentThreadId 50746->50747 50747->50738 50749 6709884 50748->50749 50750 670988b 50748->50750 50749->50738 50751 670854c GetCurrentThreadId 50750->50751 50754 67098b2 50750->50754 50752 67098a8 50751->50752 50753 670854c GetCurrentThreadId 50752->50753 50753->50754 50754->50738 50756 6708557 50755->50756 50757 6709bcf GetCurrentThreadId 50756->50757 50758 67098a8 50756->50758 50757->50758 50758->50746 50649 6b005b4 50650 6b005c4 50649->50650 50654 6b03018 50650->50654 50658 6b03008 50650->50658 50651 6b005eb 50655 6b0304b 50654->50655 50662 6b033a0 50655->50662 50656 6b030b9 50656->50651 50659 6b03018 50658->50659 50661 6b033a0 ResumeThread 50659->50661 50660 6b030b9 50660->50651 50661->50660 50663 6b033f9 ResumeThread 50662->50663 50664 6b033aa 50662->50664 50666 6b03479 50663->50666 50664->50656 50666->50656 51043 236d650 DuplicateHandle 51044 236d6e6 51043->51044 50759 670c438 50761 670c44d 50759->50761 50760 6709860 GetCurrentThreadId 50762 670c4dc 50760->50762 50761->50760 50763 670c507 50761->50763 51045 6b05cc0 51046 6b05e4b 51045->51046 51047 6b05ce6 51045->51047 51047->51046 51050 6b05f40 PostMessageW 51047->51050 51052 6b05f38 51047->51052 51051 6b05fac 51050->51051 51051->51047 51053 6b05f40 PostMessageW 51052->51053 51054 6b05fac 51053->51054 51054->51047 50764 6a19570 50765 6a19594 50764->50765 50768 6a13c18 50765->50768 50772 6a13c24 50765->50772 50769 6a19c18 OutputDebugStringW 50768->50769 50771 6a19c97 50769->50771 50771->50765 50773 6a19cc8 CloseHandle 50772->50773 50775 6a19d36 50773->50775 50775->50765 50776 6a196f2 50777 6a1962c 50776->50777 50778 6a13c18 OutputDebugStringW 50777->50778 50779 6a13c24 CloseHandle 50777->50779 50778->50777 50779->50777 51055 6b00ac7 51056 6b00adb 51055->51056 51058 6b03018 ResumeThread 51056->51058 51059 6b03008 ResumeThread 51056->51059 51057 6b00b92 51058->51057 51059->51057 50667 6701ee8 50668 6701f36 DrawTextExW 50667->50668 50670 6701f8e 50668->50670 50727 236d408 50728 236d44e GetCurrentProcess 50727->50728 50730 236d4a0 GetCurrentThread 50728->50730 50731 236d499 50728->50731 50732 236d4d6 50730->50732 50733 236d4dd GetCurrentProcess 50730->50733 50731->50730 50732->50733 50734 236d513 50733->50734 50735 236d53b GetCurrentThreadId 50734->50735 50736 236d56c 50735->50736 50780 2364668 50781 2364672 50780->50781 50785 2364758 50780->50785 50790 2364210 50781->50790 50783 236468d 50786 236477d 50785->50786 50794 2364868 50786->50794 50798 2364858 50786->50798 50791 236421b 50790->50791 50806 2365c34 50791->50806 50793 2366f8e 50793->50783 50796 236488f 50794->50796 50795 236496c 50795->50795 50796->50795 50802 23644d4 50796->50802 50800 236488f 50798->50800 50799 236496c 50799->50799 50800->50799 50801 23644d4 CreateActCtxA 50800->50801 50801->50799 50803 23658f8 CreateActCtxA 50802->50803 50805 23659bb 50803->50805 50807 2365c3f 50806->50807 50810 2365c54 50807->50810 50809 23670a5 50809->50793 50811 2365c5f 50810->50811 50814 2365c84 50811->50814 50813 2367182 50813->50809 50815 2365c8f 50814->50815 50818 2365cb4 50815->50818 50817 2367285 50817->50813 50820 2365cbf 50818->50820 50819 2368245 50820->50819 50822 236858b 50820->50822 50825 236ac38 50820->50825 50821 23685c9 50821->50817 50822->50821 50829 236cd28 50822->50829 50834 236ac70 50825->50834 50838 236ac5f 50825->50838 50826 236ac4e 50826->50822 50830 236cd59 50829->50830 50831 236cd7d 50830->50831 50853 236cee6 50830->50853 50857 236cee8 50830->50857 50831->50821 50843 236ad68 50834->50843 50848 236ad58 50834->50848 50835 236ac7f 50835->50826 50839 236ac70 50838->50839 50841 236ad68 GetModuleHandleW 50839->50841 50842 236ad58 GetModuleHandleW 50839->50842 50840 236ac7f 50840->50826 50841->50840 50842->50840 50844 236ad79 50843->50844 50845 236ad9c 50843->50845 50844->50845 50846 236afa0 GetModuleHandleW 50844->50846 50845->50835 50847 236afcd 50846->50847 50847->50835 50849 236ad9c 50848->50849 50850 236ad79 50848->50850 50849->50835 50850->50849 50851 236afa0 GetModuleHandleW 50850->50851 50852 236afcd 50851->50852 50852->50835 50855 236cef5 50853->50855 50854 236cf2f 50854->50831 50855->50854 50861 236bac0 50855->50861 50858 236cef5 50857->50858 50859 236bac0 2 API calls 50858->50859 50860 236cf2f 50858->50860 50859->50860 50860->50831 50862 236bac5 50861->50862 50864 236dc48 50862->50864 50865 236d0e4 50862->50865 50864->50864 50866 236d0ef 50865->50866 50867 2365cb4 2 API calls 50866->50867 50868 236dcb7 50867->50868 50868->50864 50869 6b03e6e 50874 6b04b68 50869->50874 50890 6b04bce 50869->50890 50907 6b04b59 50869->50907 50870 6b03dbc 50875 6b04b82 50874->50875 50876 6b04b8a 50875->50876 50923 6b053a0 50875->50923 50928 6b056bd 50875->50928 50934 6b05816 50875->50934 50939 6b05651 50875->50939 50944 6b04fad 50875->50944 50949 6b0568a 50875->50949 50956 6b050a9 50875->50956 50964 6b05006 50875->50964 50969 6b05145 50875->50969 50974 6b05263 50875->50974 50979 6b051e3 50875->50979 50984 6b050e2 50875->50984 50989 6b05061 50875->50989 50876->50870 50891 6b04b5c 50890->50891 50893 6b04bd1 50890->50893 50892 6b04b8a 50891->50892 50894 6b05651 2 API calls 50891->50894 50895 6b05816 2 API calls 50891->50895 50896 6b056bd 3 API calls 50891->50896 50897 6b053a0 2 API calls 50891->50897 50898 6b05061 3 API calls 50891->50898 50899 6b050e2 2 API calls 50891->50899 50900 6b051e3 2 API calls 50891->50900 50901 6b05263 2 API calls 50891->50901 50902 6b05145 2 API calls 50891->50902 50903 6b05006 2 API calls 50891->50903 50904 6b050a9 5 API calls 50891->50904 50905 6b0568a 4 API calls 50891->50905 50906 6b04fad 2 API calls 50891->50906 50892->50870 50894->50892 50895->50892 50896->50892 50897->50892 50898->50892 50899->50892 50900->50892 50901->50892 50902->50892 50903->50892 50904->50892 50905->50892 50906->50892 50908 6b04b5c 50907->50908 50909 6b04b8a 50908->50909 50910 6b05651 2 API calls 50908->50910 50911 6b05816 2 API calls 50908->50911 50912 6b056bd 3 API calls 50908->50912 50913 6b053a0 2 API calls 50908->50913 50914 6b05061 3 API calls 50908->50914 50915 6b050e2 2 API calls 50908->50915 50916 6b051e3 2 API calls 50908->50916 50917 6b05263 2 API calls 50908->50917 50918 6b05145 2 API calls 50908->50918 50919 6b05006 2 API calls 50908->50919 50920 6b050a9 5 API calls 50908->50920 50921 6b0568a 4 API calls 50908->50921 50922 6b04fad 2 API calls 50908->50922 50909->50870 50910->50909 50911->50909 50912->50909 50913->50909 50914->50909 50915->50909 50916->50909 50917->50909 50918->50909 50919->50909 50920->50909 50921->50909 50922->50909 50925 6b05012 50923->50925 50924 6b05027 50924->50876 50925->50924 50995 6b03650 50925->50995 50999 6b03648 50925->50999 50929 6b0510b 50928->50929 50930 6b05416 50929->50930 50932 6b033a0 ResumeThread 50929->50932 51003 6b03400 50929->51003 51007 6b03408 50929->51007 50930->50876 50932->50929 50935 6b05012 50934->50935 50936 6b05027 50934->50936 50935->50936 50937 6b03650 WriteProcessMemory 50935->50937 50938 6b03648 WriteProcessMemory 50935->50938 50936->50876 50937->50936 50938->50936 51011 6b034b0 50939->51011 51015 6b034b8 50939->51015 50940 6b055f5 50940->50939 50941 6b05027 50940->50941 50941->50876 50945 6b04fb3 50944->50945 51019 6b038d8 50945->51019 51023 6b038cc 50945->51023 51027 6b03590 50949->51027 51031 6b03588 50949->51031 50950 6b05943 50950->50876 50951 6b0515c 50951->50950 50954 6b03650 WriteProcessMemory 50951->50954 50955 6b03648 WriteProcessMemory 50951->50955 50954->50951 50955->50951 50962 6b034b0 Wow64SetThreadContext 50956->50962 50963 6b034b8 Wow64SetThreadContext 50956->50963 50957 6b050c3 50958 6b05416 50957->50958 50959 6b03400 ResumeThread 50957->50959 50960 6b033a0 ResumeThread 50957->50960 50961 6b03408 ResumeThread 50957->50961 50958->50876 50959->50957 50960->50957 50961->50957 50962->50957 50963->50957 50965 6b05012 50964->50965 50966 6b05027 50965->50966 50967 6b03650 WriteProcessMemory 50965->50967 50968 6b03648 WriteProcessMemory 50965->50968 50966->50876 50967->50966 50968->50966 50970 6b0514b 50969->50970 50971 6b05943 50970->50971 50972 6b03650 WriteProcessMemory 50970->50972 50973 6b03648 WriteProcessMemory 50970->50973 50971->50876 50972->50970 50973->50970 50975 6b05708 50974->50975 51035 6b03740 50975->51035 51039 6b03738 50975->51039 50976 6b0572a 50980 6b05012 50979->50980 50981 6b05027 50980->50981 50982 6b03650 WriteProcessMemory 50980->50982 50983 6b03648 WriteProcessMemory 50980->50983 50981->50876 50982->50981 50983->50981 50985 6b05105 50984->50985 50986 6b05388 50985->50986 50987 6b03650 WriteProcessMemory 50985->50987 50988 6b03648 WriteProcessMemory 50985->50988 50986->50876 50987->50985 50988->50985 50991 6b05076 50989->50991 50990 6b05416 50990->50876 50991->50990 50992 6b03400 ResumeThread 50991->50992 50993 6b033a0 ResumeThread 50991->50993 50994 6b03408 ResumeThread 50991->50994 50992->50991 50993->50991 50994->50991 50996 6b03698 WriteProcessMemory 50995->50996 50998 6b036ef 50996->50998 50998->50924 51000 6b03698 WriteProcessMemory 50999->51000 51002 6b036ef 51000->51002 51002->50924 51004 6b03406 ResumeThread 51003->51004 51006 6b03479 51004->51006 51006->50929 51008 6b03411 ResumeThread 51007->51008 51010 6b03479 51008->51010 51010->50929 51012 6b034b8 Wow64SetThreadContext 51011->51012 51014 6b03545 51012->51014 51014->50940 51016 6b034fd Wow64SetThreadContext 51015->51016 51018 6b03545 51016->51018 51018->50940 51020 6b03961 CreateProcessA 51019->51020 51022 6b03b23 51020->51022 51022->51022 51024 6b038d8 CreateProcessA 51023->51024 51026 6b03b23 51024->51026 51026->51026 51028 6b035d0 VirtualAllocEx 51027->51028 51030 6b0360d 51028->51030 51030->50951 51032 6b03590 VirtualAllocEx 51031->51032 51034 6b0360d 51032->51034 51034->50951 51036 6b0378b ReadProcessMemory 51035->51036 51038 6b037cf 51036->51038 51038->50976 51040 6b03740 ReadProcessMemory 51039->51040 51042 6b037cf 51040->51042 51042->50976

              Executed Functions

              Function 0670E100 Relevance: 6.9, Strings: 5, Instructions: 624COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 294 670e100-670e810 297 670ecf3-670ed5c 294->297 298 670e816-670e81b 294->298 305 670ed63-670edeb 297->305 298->297 299 670e821-670e83e 298->299 299->305 306 670e844-670e848 299->306 350 670edf6-670ee76 305->350 307 670e857-670e85b 306->307 308 670e84a-670e854 call 670512c 306->308 309 670e86a-670e871 307->309 310 670e85d-670e867 call 670512c 307->310 308->307 316 670e877-670e8a7 309->316 317 670e98c-670e991 309->317 310->309 329 670f076-670f09c 316->329 330 670e8ad-670e980 call 670b878 * 2 316->330 320 670e993-670e997 317->320 321 670e999-670e99e 317->321 320->321 323 670e9a0-670e9a4 320->323 324 670e9b0-670e9e0 call 670e110 * 3 321->324 323->329 331 670e9aa-670e9ad 323->331 324->350 351 670e9e6-670e9e9 324->351 338 670f0ac 329->338 339 670f09e-670f0aa 329->339 330->317 358 670e982 330->358 331->324 342 670f0af-670f0b4 338->342 339->342 366 670ee7d-670eeff 350->366 351->350 353 670e9ef-670e9f1 351->353 353->350 357 670e9f7-670ea2c 353->357 365 670ea32-670ea3b 357->365 357->366 358->317 367 670ea41-670ea9b call 670e110 * 2 call 670e120 * 2 365->367 368 670eb9e-670eba2 365->368 372 670ef07-670ef89 366->372 413 670eaad 367->413 414 670ea9d-670eaa6 367->414 368->372 373 670eba8-670ebac 368->373 375 670ef91-670efbe 372->375 373->375 376 670ebb2-670ebb8 373->376 391 670efc5-670f045 375->391 380 670ebba 376->380 381 670ebbc-670ebf1 376->381 384 670ebf8-670ebfe 380->384 381->384 390 670ec04-670ec0c 384->390 384->391 395 670ec13-670ec15 390->395 396 670ec0e-670ec12 390->396 449 670f04c-670f06e 391->449 402 670ec77-670ec7d 395->402 403 670ec17-670ec3b 395->403 396->395 407 670ec9c-670ecca 402->407 408 670ec7f-670ec9a 402->408 433 670ec44-670ec48 403->433 434 670ec3d-670ec42 403->434 429 670ecd2-670ecde 407->429 408->429 420 670eab1-670eab3 413->420 414->420 421 670eaa8-670eaab 414->421 424 670eab5 420->424 425 670eaba-670eabe 420->425 421->420 424->425 430 670eac0-670eac7 425->430 431 670eacc-670ead2 425->431 448 670ece4-670ecf0 429->448 429->449 438 670eb69-670eb6d 430->438 435 670ead4-670eada 431->435 436 670eadc-670eae1 431->436 433->329 441 670ec4e-670ec51 433->441 439 670ec54-670ec65 434->439 444 670eae7-670eaed 435->444 436->444 445 670eb8c-670eb98 438->445 446 670eb6f-670eb89 438->446 483 670ec67 call 670f110 439->483 484 670ec67 call 670f100 439->484 441->439 451 670eaf3-670eaf8 444->451 452 670eaef-670eaf1 444->452 445->367 445->368 446->445 449->329 457 670eafa-670eb0c 451->457 452->457 454 670ec6d-670ec75 454->429 464 670eb16-670eb1b 457->464 465 670eb0e-670eb14 457->465 466 670eb21-670eb28 464->466 465->466 471 670eb2a-670eb2c 466->471 472 670eb2e 466->472 473 670eb33-670eb3e 471->473 472->473 475 670eb40-670eb43 473->475 476 670eb62 473->476 475->438 478 670eb45-670eb4b 475->478 476->438 479 670eb52-670eb5b 478->479 480 670eb4d-670eb50 478->480 479->438 482 670eb5d-670eb60 479->482 480->476 480->479 482->438 482->476 483->454 484->454
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2172501329.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6700000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: Haq$Haq$Haq$Haq$Haq
              • API String ID: 0-1792267638
              • Opcode ID: a2f6fc9fe4bdcd0f3bac479d96d4ea17aa0f0ea48cca75f17b08435ba380bd1a
              • Instruction ID: 2ae24ec32a639701c576ebb8d9e9c8adc2da0f17304b52e221694788f5182412
              • Opcode Fuzzy Hash: a2f6fc9fe4bdcd0f3bac479d96d4ea17aa0f0ea48cca75f17b08435ba380bd1a
              • Instruction Fuzzy Hash: A9328570E00218CFEB94DF69C8547AEBBF2BF84300F14856AD549AB395DB349D85CBA1
              Function 06A13B8C Relevance: 1.6, APIs: 1, Instructions: 58nativeCOMMON
              Download Yara Rule
              APIs
              • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 06A18C87
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID: InformationProcessQuery
              • String ID:
              • API String ID: 1778838933-0
              • Opcode ID: 0fb8eff21f65565122dfda9506e9f1cd8b89b7b9a2e4a18e58cb15c5fb679dcd
              • Instruction ID: fb2992630f283e12f01cd927ec8b0bf9cb7a546fe79bc0fbae2d71094a7ea0fc
              • Opcode Fuzzy Hash: 0fb8eff21f65565122dfda9506e9f1cd8b89b7b9a2e4a18e58cb15c5fb679dcd
              • Instruction Fuzzy Hash: 4021DEB5D01349EFCB10DF9AD884ADEBBF4FB49310F10852AE919A7210C379A944CFA5
              Function 06A18C00 Relevance: 1.6, APIs: 1, Instructions: 56nativeCOMMON
              Download Yara Rule
              APIs
              • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 06A18C87
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID: InformationProcessQuery
              • String ID:
              • API String ID: 1778838933-0
              • Opcode ID: f045b9bf4120d17fcf9055ddf26e85dc50087e14ec3a5e7b78d395989736c1f2
              • Instruction ID: dfc3d94695e9f79d9d8bb8c24c705f26e60633cbe8ac5b29067db16771dbe4fe
              • Opcode Fuzzy Hash: f045b9bf4120d17fcf9055ddf26e85dc50087e14ec3a5e7b78d395989736c1f2
              • Instruction Fuzzy Hash: 2F21EFB5D013499FCB10DF9AD885ACEFBF4FB48310F10842AE918A7210D379A954CFA1
              Function 06A17BD0 Relevance: 1.4, Strings: 1, Instructions: 172COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: {Z
              • API String ID: 0-2739178571
              • Opcode ID: c1b2a91f2f279335bb350a999af356431074ca012977bf00e39964e7558d73de
              • Instruction ID: 35ab2c847397c6670a12623966eb3e54f772c84c67bb9293fb51998c63d461f5
              • Opcode Fuzzy Hash: c1b2a91f2f279335bb350a999af356431074ca012977bf00e39964e7558d73de
              • Instruction Fuzzy Hash: D2713C74E002198FDB14DFA9C5449AEFBF2FF89304F14816AD419AB356D734A942CFA1
              Function 06A15EF2 Relevance: .5, Instructions: 515COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8cb26fcf5dec819a4e68ec440000371647140e72807bc0016aef4c11658cd958
              • Instruction ID: 9e24118974eb249d808ddb1218f8ca668b5d859d7978bd4b154ddbb7968be66b
              • Opcode Fuzzy Hash: 8cb26fcf5dec819a4e68ec440000371647140e72807bc0016aef4c11658cd958
              • Instruction Fuzzy Hash: 06426D74E01228CFDB64DFA9C984B9DBBB2FB48310F5091A9D819AB355D734AA81CF50
              Function 06A14C21 Relevance: .5, Instructions: 497COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 485faeca16327b45bbdc08b77b1714286860dbc1879f969433e33d06c11a97fc
              • Instruction ID: 2ed00fc96478b0d1a7252a5329fcc54f8f690d0b390a90caa9aff6a0594f5c24
              • Opcode Fuzzy Hash: 485faeca16327b45bbdc08b77b1714286860dbc1879f969433e33d06c11a97fc
              • Instruction Fuzzy Hash: 7932D074D012188FDB60EFA9C580A9EFBF2FF89351F55C196D448AB211CB30A985CFA5
              Function 06B06920 Relevance: .4, Instructions: 396COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 67ab725d70bdc3e5c0e9388704406477273d1abc9401ed459d526c6997338c55
              • Instruction ID: 1d40e156c5072cdd040b9f8d4d9408b0205a1056f233b8590ee61934c2ac39f6
              • Opcode Fuzzy Hash: 67ab725d70bdc3e5c0e9388704406477273d1abc9401ed459d526c6997338c55
              • Instruction Fuzzy Hash: ADE1AFB0B016048FEB65DB79C460BAE7BFAEF89700F2484ADD146DB290EB31D941CB51
              Function 0670E7D8 Relevance: .3, Instructions: 285COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2172501329.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6700000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 98846aaf17c7d2a7f40b560288467e005b091d93116030aabef05b2ded271424
              • Instruction ID: ed2660615ce18d6da6972fede18f656b3a67a7a80756f4733e3d6a2d2f892948
              • Opcode Fuzzy Hash: 98846aaf17c7d2a7f40b560288467e005b091d93116030aabef05b2ded271424
              • Instruction Fuzzy Hash: 87C16D71D00218DFEB94CF65C88079EBBF2AF89310F14C9A9D459AB295DB30D985CFA1
              Function 0670E0FC Relevance: .3, Instructions: 281COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2172501329.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6700000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d222b682ff870b3d902b0cef031c8c2088c901d5acb1baf0c3b63312406dddc4
              • Instruction ID: 36d6ae9fcab747b109d46b35784a0ff07bc109be4bef275da414693a9f9520d6
              • Opcode Fuzzy Hash: d222b682ff870b3d902b0cef031c8c2088c901d5acb1baf0c3b63312406dddc4
              • Instruction Fuzzy Hash: 47C15E70D00218DFEB94CF65C88079EBBF2AF89310F14C9A9D559AB295DB30D985CFA1
              Function 06A1E4A1 Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d00cb5e5666ebe5699099fb21dd23f7207d9d667b66c329eaef0f6177f5f2fa
              • Instruction ID: b49f2a6ee92648e4000a3c990c013ce29b191e671999ae58d271acab47d4adc5
              • Opcode Fuzzy Hash: 0d00cb5e5666ebe5699099fb21dd23f7207d9d667b66c329eaef0f6177f5f2fa
              • Instruction Fuzzy Hash: 5221E2B1D056188FEB58DFABC8447DEBEF7AFC8300F04C06AD409AA264DB7419458FA0
              Function 06A1E4B0 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be7764a30ffa004a738e6a70534f0d21353e5ecbb1ad2d7d9aa56fe1e0b78f17
              • Instruction ID: 8599f4110aec05d381fd4ee0abc3236d8e8aeda0bd8906663c7146262ae5aea0
              • Opcode Fuzzy Hash: be7764a30ffa004a738e6a70534f0d21353e5ecbb1ad2d7d9aa56fe1e0b78f17
              • Instruction Fuzzy Hash: 2D21B2B1D046188BEB58DFABD9447DEFEB7BFC8300F14D06AD8096A264DB7409458FA0
              Function 0236D3F8 Relevance: 6.1, APIs: 4, Instructions: 134threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 485 236d3f8-236d497 GetCurrentProcess 489 236d4a0-236d4d4 GetCurrentThread 485->489 490 236d499-236d49f 485->490 491 236d4d6-236d4dc 489->491 492 236d4dd-236d511 GetCurrentProcess 489->492 490->489 491->492 493 236d513-236d519 492->493 494 236d51a-236d535 call 236d5d9 492->494 493->494 498 236d53b-236d56a GetCurrentThreadId 494->498 499 236d573-236d5d5 498->499 500 236d56c-236d572 498->500 500->499
              APIs
              • GetCurrentProcess.KERNEL32 ref: 0236D486
              • GetCurrentThread.KERNEL32 ref: 0236D4C3
              • GetCurrentProcess.KERNEL32 ref: 0236D500
              • GetCurrentThreadId.KERNEL32 ref: 0236D559
              Memory Dump Source
              • Source File: 00000000.00000002.2152295319.0000000002360000.00000040.00000800.00020000.00000000.sdmp, Offset: 02360000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2360000_SecuriteInfo.jbxd
              Similarity
              • API ID: Current$ProcessThread
              • String ID:
              • API String ID: 2063062207-0
              • Opcode ID: a81bdd28ae23ba91cadb39ddc2291f7165e8deb738247b13c02fdae572993cb3
              • Instruction ID: 9dd4cb90787e3aa757b41e44eae4bcb8ee434401191a19a1b1485424973694a7
              • Opcode Fuzzy Hash: a81bdd28ae23ba91cadb39ddc2291f7165e8deb738247b13c02fdae572993cb3
              • Instruction Fuzzy Hash: 85516BB0E003498FDB15DFA9D688BAEBFF5AF88304F24C459E409A7251C7345985CB65
              Function 0236D408 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 507 236d408-236d497 GetCurrentProcess 511 236d4a0-236d4d4 GetCurrentThread 507->511 512 236d499-236d49f 507->512 513 236d4d6-236d4dc 511->513 514 236d4dd-236d511 GetCurrentProcess 511->514 512->511 513->514 515 236d513-236d519 514->515 516 236d51a-236d535 call 236d5d9 514->516 515->516 520 236d53b-236d56a GetCurrentThreadId 516->520 521 236d573-236d5d5 520->521 522 236d56c-236d572 520->522 522->521
              APIs
              • GetCurrentProcess.KERNEL32 ref: 0236D486
              • GetCurrentThread.KERNEL32 ref: 0236D4C3
              • GetCurrentProcess.KERNEL32 ref: 0236D500
              • GetCurrentThreadId.KERNEL32 ref: 0236D559
              Memory Dump Source
              • Source File: 00000000.00000002.2152295319.0000000002360000.00000040.00000800.00020000.00000000.sdmp, Offset: 02360000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2360000_SecuriteInfo.jbxd
              Similarity
              • API ID: Current$ProcessThread
              • String ID:
              • API String ID: 2063062207-0
              • Opcode ID: 83c2f1c7a37a5416b6041bf669048c22db4620a17eeabbffefd409472b6e9a27
              • Instruction ID: 1916cb897e83ff97a88e481097490b454df4f894f73a254cdbf1bc25cc36eb1a
              • Opcode Fuzzy Hash: 83c2f1c7a37a5416b6041bf669048c22db4620a17eeabbffefd409472b6e9a27
              • Instruction Fuzzy Hash: 035159B0E003098FDB14DFAAD648BAEBFF5AF88304F20C459E409A7290D7349984CB65
              Function 04A74C44 Relevance: 2.8, Strings: 2, Instructions: 254COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 751 4a74c44-4a754b2 754 4a754b4-4a7558f 751->754 755 4a754bb-4a754cb 751->755 757 4a75596-4a75611 754->757 755->757 758 4a754d1-4a754e1 755->758 795 4a75616-4a7561e 757->795 758->757 759 4a754e7-4a754eb 758->759 760 4a754f3-4a75512 759->760 761 4a754ed 759->761 764 4a75514-4a75534 call 4a74c94 call 4a74638 call 4a74648 760->764 765 4a75539-4a7553e 760->765 761->757 761->760 764->765 767 4a75547-4a7555a call 4a74614 765->767 768 4a75540-4a75542 call 4a74ca4 765->768 777 4a75560-4a75567 767->777 778 4a7566f 767->778 768->767 783 4a75672 778->783 786 4a75676-4a75689 783->786 789 4a75626 786->789 790 4a7568b 786->790 793 4a75628-4a7562a 789->793 791 4a7568d 790->791 791->793 794 4a7568f-4a7569c 791->794 793->791 796 4a7562c 793->796 798 4a756c5-4a756d5 794->798 799 4a7569e-4a756c2 call 4a74cb4 794->799 795->789 796->795 797 4a7562d-4a75668 796->797 797->778 798->783 805 4a756d7-4a756d9 798->805 805->786 808 4a756db-4a75703 805->808 809 4a75705-4a7570b 808->809 810 4a7570c-4a7571e 808->810 811 4a75725-4a7573a 810->811 812 4a75720 810->812 816 4a75744-4a75768 811->816 817 4a7573c-4a75741 811->817 812->811 820 4a75772 816->820 821 4a7576a 816->821 817->816 821->820
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: (aq$Haq
              • API String ID: 0-3785302501
              • Opcode ID: d20b63657b1faba02849ae6ba6fa77fcce6d095ea7e0368acbf1c1ef84f82262
              • Instruction ID: 00ada12a927dc8de54dc39e16e2dac6ec2f5d47d851170291707a90e6bd1d441
              • Opcode Fuzzy Hash: d20b63657b1faba02849ae6ba6fa77fcce6d095ea7e0368acbf1c1ef84f82262
              • Instruction Fuzzy Hash: 1291F674B00249EFCB25DFA8C8945AEBFF2EF88310F144469E545AB791DB30E942CB95
              Function 04A74670 Relevance: 2.7, Strings: 2, Instructions: 214COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 822 4a74670-4a746d2 call 4a73a40 828 4a746d4-4a746d6 822->828 829 4a74738-4a74764 822->829 830 4a746dc-4a746e8 828->830 831 4a7476b-4a74773 828->831 829->831 836 4a746ee-4a74729 call 4a74524 830->836 837 4a7477a-4a748b5 830->837 831->837 847 4a7472e-4a74737 836->847 854 4a748bb-4a748c9 837->854 855 4a748d2-4a74918 854->855 856 4a748cb-4a748d1 854->856 861 4a74925 855->861 862 4a7491a-4a7491d 855->862 856->855 863 4a74926 861->863 862->861 863->863
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: Haq$Haq
              • API String ID: 0-4016896955
              • Opcode ID: 290350ea9d0e45c0d0b83c17655b873b6fd1d949f4262287f9fc6b26b9c180fe
              • Instruction ID: 7da416ee0518cb6f5165d954e01fd097003fc31560acef0807632c4e2324c6b1
              • Opcode Fuzzy Hash: 290350ea9d0e45c0d0b83c17655b873b6fd1d949f4262287f9fc6b26b9c180fe
              • Instruction Fuzzy Hash: 5E815C74E003599FDB14DFA9C8946EEBBF2FF89300F14852AE409AB351DB349946CB91
              Function 04A70007 Relevance: 2.7, Strings: 2, Instructions: 177COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1019 4a70007-4a70129 1023 4a70135-4a70141 1019->1023 1039 4a70144 call 4a70ce8 1023->1039 1040 4a70144 call 4a70cd8 1023->1040 1024 4a7014a-4a70163 1028 4a701c5-4a702aa 1024->1028 1029 4a70165-4a701bd 1024->1029 1029->1028 1039->1024 1040->1024
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: $
              • API String ID: 0-227171996
              • Opcode ID: fd30a8f34811b2916cf4671fa6693a68b0d4c94cc28ea61aab8ef667885887fe
              • Instruction ID: 6df254a6849238623edd7136a474de19f2861c61bd159225e682423d9d4777bf
              • Opcode Fuzzy Hash: fd30a8f34811b2916cf4671fa6693a68b0d4c94cc28ea61aab8ef667885887fe
              • Instruction Fuzzy Hash: 118116B5904741CFDB01EF28D895554BBB5FF86304F5189A9D849AF326EB30E998CF80
              Function 04A75490 Relevance: 2.7, Strings: 2, Instructions: 160COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1041 4a75490-4a75491 1042 4a75493-4a75499 1041->1042 1043 4a7542e-4a75434 1041->1043 1044 4a75436-4a7545c 1042->1044 1045 4a7549b-4a754b2 1042->1045 1043->1044 1053 4a75464 1044->1053 1046 4a754b4-4a7558f 1045->1046 1047 4a754bb-4a754cb 1045->1047 1050 4a75596-4a75611 1046->1050 1047->1050 1051 4a754d1-4a754e1 1047->1051 1093 4a75616-4a7561e 1050->1093 1051->1050 1052 4a754e7-4a754eb 1051->1052 1054 4a754f3-4a75512 1052->1054 1055 4a754ed 1052->1055 1060 4a7546e-4a7548f 1053->1060 1058 4a75514-4a75534 call 4a74c94 call 4a74638 call 4a74648 1054->1058 1059 4a75539-4a7553e 1054->1059 1055->1050 1055->1054 1058->1059 1062 4a75547-4a7555a call 4a74614 1059->1062 1063 4a75540-4a75542 call 4a74ca4 1059->1063 1074 4a75560-4a75567 1062->1074 1075 4a7566f 1062->1075 1063->1062 1081 4a75672 1075->1081 1084 4a75676-4a75689 1081->1084 1087 4a75626 1084->1087 1088 4a7568b 1084->1088 1091 4a75628-4a7562a 1087->1091 1089 4a7568d 1088->1089 1089->1091 1092 4a7568f-4a7569c 1089->1092 1091->1089 1094 4a7562c 1091->1094 1096 4a756c5-4a756d5 1092->1096 1097 4a7569e-4a756c2 call 4a74cb4 1092->1097 1093->1087 1094->1093 1095 4a7562d-4a75668 1094->1095 1095->1075 1096->1081 1103 4a756d7-4a756d9 1096->1103 1103->1084 1106 4a756db-4a75703 1103->1106 1107 4a75705-4a7570b 1106->1107 1108 4a7570c-4a7571e 1106->1108 1109 4a75725-4a7573a 1108->1109 1110 4a75720 1108->1110 1114 4a75744-4a75768 1109->1114 1115 4a7573c-4a75741 1109->1115 1110->1109 1118 4a75772 1114->1118 1119 4a7576a 1114->1119 1115->1114 1119->1118
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: (aq$Haq
              • API String ID: 0-3785302501
              • Opcode ID: e9aa1f2ebeb467472396e44139b14631f135476c201dd0f5dc3bce02d8f51b4c
              • Instruction ID: d91330963e163a4ad3feda12902ceddab5012bd73aa11c3f2cbd9aea4e456a16
              • Opcode Fuzzy Hash: e9aa1f2ebeb467472396e44139b14631f135476c201dd0f5dc3bce02d8f51b4c
              • Instruction Fuzzy Hash: 9C513B75B0024AAFC709AB7888295BE7FB3EFC4340B15846AD5499B3E1DE348D07C7A5
              Function 04A70040 Relevance: 2.7, Strings: 2, Instructions: 158COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1120 4a70040-4a70141 1140 4a70144 call 4a70ce8 1120->1140 1141 4a70144 call 4a70cd8 1120->1141 1125 4a7014a-4a70163 1129 4a701c5-4a702aa 1125->1129 1130 4a70165-4a701bd 1125->1130 1130->1129 1140->1125 1141->1125
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: $
              • API String ID: 0-227171996
              • Opcode ID: 138709127ccd2fc3490e3587cb2d9d221538cfc350246cf85e70cd313df6aa25
              • Instruction ID: 10f01ad36846c82c8d8de1bbea61b2c3505e81f1e491f9f74c3f8897221d32c5
              • Opcode Fuzzy Hash: 138709127ccd2fc3490e3587cb2d9d221538cfc350246cf85e70cd313df6aa25
              • Instruction Fuzzy Hash: 4861AFB5910701CFEB00EF28D885655B7BAFF85304F518A68D949AF316EB71E998CF80
              Function 06B038CC Relevance: 1.8, APIs: 1, Instructions: 250processCOMMON
              Download Yara Rule
              APIs
              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06B03B0E
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 04928b9aadd395907f375bc551fc0b395963c0a079975c99b5133dfc67bfc4fa
              • Instruction ID: 39ca2791885490e21c39a57af1d7849a336343b71fa45bdbb387211d7ac5da8b
              • Opcode Fuzzy Hash: 04928b9aadd395907f375bc551fc0b395963c0a079975c99b5133dfc67bfc4fa
              • Instruction Fuzzy Hash: 60A16AB1D0061A9FEB60CF68C845BDDBFF2EF48314F1485A9D809A7280DB759985CF92
              Function 06B038D8 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
              Download Yara Rule
              APIs
              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06B03B0E
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: b5cfc2d6b5085e36e23d755c7122f59d3be6c02b47b17e8d8bf967d19e5e66bc
              • Instruction ID: fb91cd8dc3eb249fb13713ada44e7ac54c6f6fa63dc9ee6c341fffb2feb492f3
              • Opcode Fuzzy Hash: b5cfc2d6b5085e36e23d755c7122f59d3be6c02b47b17e8d8bf967d19e5e66bc
              • Instruction Fuzzy Hash: 82916BB1D0061A9FEB60CF68C845B9DBFF2FF48304F1485A9D809A7280DB759985CF92
              Function 0236AD68 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
              Download Yara Rule
              APIs
              • GetModuleHandleW.KERNELBASE(00000000), ref: 0236AFBE
              Memory Dump Source
              • Source File: 00000000.00000002.2152295319.0000000002360000.00000040.00000800.00020000.00000000.sdmp, Offset: 02360000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2360000_SecuriteInfo.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 8205eb5f245eaaaa109adca16f684c94ae2135cea5586c8196d9c0e78f27ee11
              • Instruction ID: 1565fa1bc3d0147afa49e1982a7f2755d088560ac6cd0b27a8a50cf529186031
              • Opcode Fuzzy Hash: 8205eb5f245eaaaa109adca16f684c94ae2135cea5586c8196d9c0e78f27ee11
              • Instruction Fuzzy Hash: A1715870A00B058FD724DF69D45876ABBF6FF88704F00892ED48AE7A44D775E845CB91
              Function 023658EC Relevance: 1.6, APIs: 1, Instructions: 99COMMON
              Download Yara Rule
              APIs
              • CreateActCtxA.KERNEL32(?), ref: 023659A9
              Memory Dump Source
              • Source File: 00000000.00000002.2152295319.0000000002360000.00000040.00000800.00020000.00000000.sdmp, Offset: 02360000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2360000_SecuriteInfo.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: da5ca16985892c7353272e390175e475eb859f8f908c317b9dd7e56149e5d1ff
              • Instruction ID: 92978552ac80a32d7d8f6931465d4f1dc06579cae32f1d70743fa8915e8eeab3
              • Opcode Fuzzy Hash: da5ca16985892c7353272e390175e475eb859f8f908c317b9dd7e56149e5d1ff
              • Instruction Fuzzy Hash: 1641D4B0D00719CEDB25CFA9C884BDDBBF5BF49304F20806AD409AB255DB75694ACF91
              Function 023644D4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
              Download Yara Rule
              APIs
              • CreateActCtxA.KERNEL32(?), ref: 023659A9
              Memory Dump Source
              • Source File: 00000000.00000002.2152295319.0000000002360000.00000040.00000800.00020000.00000000.sdmp, Offset: 02360000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2360000_SecuriteInfo.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: 73dd13c337c55719042fe8b856b046fbd4dfd6f7a780959939c73fafe3a898bd
              • Instruction ID: a46e12ef37aed6af74ddd812eced640936c0ed9cab5ee41161c9272999a4767d
              • Opcode Fuzzy Hash: 73dd13c337c55719042fe8b856b046fbd4dfd6f7a780959939c73fafe3a898bd
              • Instruction Fuzzy Hash: 9041F5B0D0071DCBDB25CFA9C888B9EBBF5BF49304F20806AD409AB255DB756949CF91
              Function 06B033A0 Relevance: 1.6, APIs: 1, Instructions: 92threadCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: 31234efbba05a62a9e42abc574d4d62a5805bc5de90f07051d5504ac29608b28
              • Instruction ID: b411ca4aa137363f3442b8cbbfa1611ea3bf68551b00d949c04e8375b06c8f4d
              • Opcode Fuzzy Hash: 31234efbba05a62a9e42abc574d4d62a5805bc5de90f07051d5504ac29608b28
              • Instruction Fuzzy Hash: 5E3190B0D053499FCB21DFA9D8496DEBFF5EF85314F2480AAD418AB291CB345944CBA2
              Function 0670F110 Relevance: 1.6, APIs: 1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2172501329.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6700000_SecuriteInfo.jbxd
              Similarity
              • API ID: CreateFromIconResource
              • String ID:
              • API String ID: 3668623891-0
              • Opcode ID: 49f07ac001fd5b4f017ea2c35c8530c49bb84ad1188dcce23111de283e92fe78
              • Instruction ID: 2cd10843d532cbdf8d11b90ed58c99057a48ae80333f3baeac46a3494cf67fdc
              • Opcode Fuzzy Hash: 49f07ac001fd5b4f017ea2c35c8530c49bb84ad1188dcce23111de283e92fe78
              • Instruction Fuzzy Hash: BD3189B2904349AFDB119FA9CC04AEEBFF9EF49310F05805AE914A7251C339A951CFB1
              Function 06701EE0 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
              Download Yara Rule
              APIs
              • DrawTextExW.USER32(?,?,?,?,?,?), ref: 06701F7F
              Memory Dump Source
              • Source File: 00000000.00000002.2172501329.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6700000_SecuriteInfo.jbxd
              Similarity
              • API ID: DrawText
              • String ID:
              • API String ID: 2175133113-0
              • Opcode ID: a9115fcc515e8bca95ddd10844177cf4dbaef5393f3327b34e1410264913ecc5
              • Instruction ID: 1f323091588bd3645355675c7aed35048ae8b141e46c5f3fa69c964781f4235a
              • Opcode Fuzzy Hash: a9115fcc515e8bca95ddd10844177cf4dbaef5393f3327b34e1410264913ecc5
              • Instruction Fuzzy Hash: E831F1B5D013099FDB10CF9AD884AEEBFF9BB48310F54842AE818A7250C374A944CFA1
              Function 06B03648 Relevance: 1.6, APIs: 1, Instructions: 74injectionCOMMON
              Download Yara Rule
              APIs
              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06B036E0
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: 1271e3bc904894bbb9dd505e588264e6f6272f6aa8f9d58f076880b39efcff0d
              • Instruction ID: c70f190d72aba03002b9913690c1193ba2ba945de31c0f73db6f4c2c1e935c4e
              • Opcode Fuzzy Hash: 1271e3bc904894bbb9dd505e588264e6f6272f6aa8f9d58f076880b39efcff0d
              • Instruction Fuzzy Hash: 632135B1D0020A9FDB10CFA9C885BEEBFF5FF88310F10842AE519A7240C7799945CBA1
              Function 06701EE8 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
              Download Yara Rule
              APIs
              • DrawTextExW.USER32(?,?,?,?,?,?), ref: 06701F7F
              Memory Dump Source
              • Source File: 00000000.00000002.2172501329.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6700000_SecuriteInfo.jbxd
              Similarity
              • API ID: DrawText
              • String ID:
              • API String ID: 2175133113-0
              • Opcode ID: 19a6ca8d09e4d8b3659d4a5f204291aa5c338b3a57c0a1688ddeff198b5dc5a6
              • Instruction ID: 1b800433e85c583e2f8a861c7d7b0b90dab691f147a7ebedeb0528c5851721ac
              • Opcode Fuzzy Hash: 19a6ca8d09e4d8b3659d4a5f204291aa5c338b3a57c0a1688ddeff198b5dc5a6
              • Instruction Fuzzy Hash: A721F2B5D013099FDB10CF9AD884AAEFBF9FF48310F54842AE819A7250D374A944CFA1
              Function 06B03650 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
              Download Yara Rule
              APIs
              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06B036E0
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: 084ce9e832baa820c9fd1d856237967adc78ce53bcd0560c9ef0609d357624bb
              • Instruction ID: b8ded61cfe0b283190710562b724c8311c61006ad2d2f56ac4d41e3c89d42083
              • Opcode Fuzzy Hash: 084ce9e832baa820c9fd1d856237967adc78ce53bcd0560c9ef0609d357624bb
              • Instruction Fuzzy Hash: D02104B1D003099FDB10DFA9C885ADEBFF5FB88310F108429E919A7240C7799945CBA5
              Function 06B034B0 Relevance: 1.6, APIs: 1, Instructions: 69threadCOMMON
              Download Yara Rule
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06B03536
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: 40361a48e226ebbaf176a28a7fb0a9924cc6cf25d3bc4ee4b021d23ef43cdc9c
              • Instruction ID: 811463f7aec0f3e553cdf3cc2906a85a3367feb45f69c36c7a54109043dacd43
              • Opcode Fuzzy Hash: 40361a48e226ebbaf176a28a7fb0a9924cc6cf25d3bc4ee4b021d23ef43cdc9c
              • Instruction Fuzzy Hash: B62136B5D002099FDB10DFAAC885BEEBFF4EB88314F148429D519A7240C7789545CFA1
              Function 06B03738 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
              Download Yara Rule
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06B037C0
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: 0ea63b9210df33e8a6353884ed8b1037f3948a58b7105e7438504b4ce81a12ef
              • Instruction ID: 9f8a9603ba52eae516bd8877c63f535958a78b16d45069d5359458ccfcbf253c
              • Opcode Fuzzy Hash: 0ea63b9210df33e8a6353884ed8b1037f3948a58b7105e7438504b4ce81a12ef
              • Instruction Fuzzy Hash: 4421F4B1D002499FDB10DFAAC885ADEBFF5FF88310F508429E519A7240C73895419BA5
              Function 0236D649 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
              Download Yara Rule
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0236D6D7
              Memory Dump Source
              • Source File: 00000000.00000002.2152295319.0000000002360000.00000040.00000800.00020000.00000000.sdmp, Offset: 02360000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2360000_SecuriteInfo.jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 31bf428029ec2d746f2edc90e482de732010cbb3d37f2db085282f463444c38d
              • Instruction ID: 6c79ed9e7703396ca5940fe39523431cddbde80e29cff7a1503fe554555d71f0
              • Opcode Fuzzy Hash: 31bf428029ec2d746f2edc90e482de732010cbb3d37f2db085282f463444c38d
              • Instruction Fuzzy Hash: 092103B5D00249AFDB10CFAAD984AEEBFF4EB48310F14801AE818A3210C378A945CF61
              Function 06B03740 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
              Download Yara Rule
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06B037C0
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: 03601261da8a0a389228133b550646a89de418d8ca5c186705f643046452ccf1
              • Instruction ID: 829a567aa18e5efd0d6bec08bcbc78915756e96da55287e19d31cf2dcab5650a
              • Opcode Fuzzy Hash: 03601261da8a0a389228133b550646a89de418d8ca5c186705f643046452ccf1
              • Instruction Fuzzy Hash: B62103B1D002499FDB10DFAAC885AEEBBF5FF88310F50842AE519A7240C7389941DBA1
              Function 06B034B8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
              Download Yara Rule
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06B03536
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: cf803f5bef450250b8a4d9ddc3520ca0fe768ff2884dd4da052992d6167b160e
              • Instruction ID: e80ba9fc351174d51dacf00beaca87c563a4af28b9c5994d53ef287bda810163
              • Opcode Fuzzy Hash: cf803f5bef450250b8a4d9ddc3520ca0fe768ff2884dd4da052992d6167b160e
              • Instruction Fuzzy Hash: C02137B5D003099FDB10DFAAC4857AEBFF4EF88314F548429D519A7240C7789945CFA1
              Function 0236D650 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
              Download Yara Rule
              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0236D6D7
              Memory Dump Source
              • Source File: 00000000.00000002.2152295319.0000000002360000.00000040.00000800.00020000.00000000.sdmp, Offset: 02360000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2360000_SecuriteInfo.jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 51747b8d8509c364e43964b28824b8017d01a6eedff7b8c8132bd403c43b9a53
              • Instruction ID: 6d9ce6d0eac8d8d8ba78cfa163c6b9edbff4ad14ee17cd42b293c83f6bf82a94
              • Opcode Fuzzy Hash: 51747b8d8509c364e43964b28824b8017d01a6eedff7b8c8132bd403c43b9a53
              • Instruction Fuzzy Hash: 2221C4B5D00249AFDB10CF9AD984ADEFFF8EB48310F14841AE918A7350D374A954CF65
              Function 06B03588 Relevance: 1.6, APIs: 1, Instructions: 60memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06B035FE
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: b409b3e2a5555d69d37afb8179a6846e43a23df34a534d1410b0e9807a04a717
              • Instruction ID: 88d6cd0a81ffce0f5d727a38bac2f8592f4077d38a7132cb2091fb39c5381fbb
              • Opcode Fuzzy Hash: b409b3e2a5555d69d37afb8179a6846e43a23df34a534d1410b0e9807a04a717
              • Instruction Fuzzy Hash: DD1147B6D00209ABCB10DFAAC845ADFFFF9EF88324F248419E519A7250C7759545CFA1
              Function 0670E130 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
              Download Yara Rule
              APIs
              • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,0670F12A,?,?,?,?,?), ref: 0670F1CF
              Memory Dump Source
              • Source File: 00000000.00000002.2172501329.0000000006700000.00000040.00000800.00020000.00000000.sdmp, Offset: 06700000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6700000_SecuriteInfo.jbxd
              Similarity
              • API ID: CreateFromIconResource
              • String ID:
              • API String ID: 3668623891-0
              • Opcode ID: b4bb4dff5dea51f21fad68a7c2263e97f2cc54f32a3e4385bce4f62aa5d25d17
              • Instruction ID: 67343565d153c6f18e0a6b2371dbe3fb2ea9a2a1c4df045876bd40b4d0f24283
              • Opcode Fuzzy Hash: b4bb4dff5dea51f21fad68a7c2263e97f2cc54f32a3e4385bce4f62aa5d25d17
              • Instruction Fuzzy Hash: A61126B5900349DFEB20DF9AC844BEEBFF8EB48310F14841AE914A7250C379A954DFA5
              Function 06B03400 Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: 220689f9c70bf2e73e8861e29ca2fccbd8577f1779eb6b7bc33465751178fe05
              • Instruction ID: 836a2cbe34ab7aa00743cc3512ab8e30974fce4800c83b0e029baccc344b8243
              • Opcode Fuzzy Hash: 220689f9c70bf2e73e8861e29ca2fccbd8577f1779eb6b7bc33465751178fe05
              • Instruction Fuzzy Hash: 071149B1D002099FDB20DFAAD8497DEFFF5EB88724F248419D419A7240C735A545CBA5
              Function 06B03590 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06B035FE
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: 0bc5527f91605cf464e89db477f62a13a0fe343390f2785ee2c639bc19aca97c
              • Instruction ID: 683b3674e065bb1fe0f8cb4888070ff76f72e4dc76632dad1a6d3c5a39c375ca
              • Opcode Fuzzy Hash: 0bc5527f91605cf464e89db477f62a13a0fe343390f2785ee2c639bc19aca97c
              • Instruction Fuzzy Hash: D91114B2D002499BDB10DFAAC845ADEBFF5EB88324F248419E519A7250C775A541CBA1
              Function 06A19C10 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
              Download Yara Rule
              APIs
              • OutputDebugStringW.KERNELBASE(00000000), ref: 06A19C88
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID: DebugOutputString
              • String ID:
              • API String ID: 1166629820-0
              • Opcode ID: 691841f185e9ba0fddfe35c3c5bde367693611bc3333ce15f9d5d2f94c6ba374
              • Instruction ID: b2da71a861829ac6a5f60107ffa204c27a79cf9011f12181bf2233854f9c98c4
              • Opcode Fuzzy Hash: 691841f185e9ba0fddfe35c3c5bde367693611bc3333ce15f9d5d2f94c6ba374
              • Instruction Fuzzy Hash: 291123B5C0065A9FCB10DF9AD944ADEFBF8FF89310F10811AE818A7240C334A544CFA6
              Function 06A13C18 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
              Download Yara Rule
              APIs
              • OutputDebugStringW.KERNELBASE(00000000), ref: 06A19C88
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID: DebugOutputString
              • String ID:
              • API String ID: 1166629820-0
              • Opcode ID: f7be527549952b4273c9dda9d250a0600adf1f6d3d9bd0172e919c59b1463ea3
              • Instruction ID: a3bdf8bc9afe8be70d6396d0557fe26940435da4656d3f0d15e2d5c74918b6a2
              • Opcode Fuzzy Hash: f7be527549952b4273c9dda9d250a0600adf1f6d3d9bd0172e919c59b1463ea3
              • Instruction Fuzzy Hash: 331123B1C0465A9FCB10DF9AD944A9EFBF4FB88310F10812AD819BB240C374A944CFE6
              Function 06B03408 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: a13f6c5e76df14a18c315e9ea2e2928cd972d0fa1d1c05f7d87d612fa8c80226
              • Instruction ID: dcb51b4210b3f6560064dd249604c1156b92258ebb9106cb5eb27a97dcaeca89
              • Opcode Fuzzy Hash: a13f6c5e76df14a18c315e9ea2e2928cd972d0fa1d1c05f7d87d612fa8c80226
              • Instruction Fuzzy Hash: 491125B1D003499FDB20DFAAC84979EFFF4EB88324F248419D419A7240CB79A945CBA5
              Function 0236AF58 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
              Download Yara Rule
              APIs
              • GetModuleHandleW.KERNELBASE(00000000), ref: 0236AFBE
              Memory Dump Source
              • Source File: 00000000.00000002.2152295319.0000000002360000.00000040.00000800.00020000.00000000.sdmp, Offset: 02360000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2360000_SecuriteInfo.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 7fdfc63a8c8a6873d55ed26d0dd08cc521ae19b130c71d17c1f91510ad0523ec
              • Instruction ID: db9b818c95b683552bc211c1171e1977839b9d06692cde5700a1b0adce06980e
              • Opcode Fuzzy Hash: 7fdfc63a8c8a6873d55ed26d0dd08cc521ae19b130c71d17c1f91510ad0523ec
              • Instruction Fuzzy Hash: 81110FB6C003498FCB10CF9AD848ADEFBF8AB88314F10841AD419B7600C379A545CFA2
              Function 06B05F38 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
              Download Yara Rule
              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 06B05F9D
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: ddd065fdf7ece832ebe81070af08e561c8863d1dcb319d3b9cf5f2d52acfb4d3
              • Instruction ID: a51ca95b5612b7c458a6df06141cbc6ba032f3af8e6239c8ecb2f413fb6a3f7d
              • Opcode Fuzzy Hash: ddd065fdf7ece832ebe81070af08e561c8863d1dcb319d3b9cf5f2d52acfb4d3
              • Instruction Fuzzy Hash: 1A1125B58003099FDB20DF99C949BDEFFF8EB48310F10840AE455A7250C375A544CFA5
              Function 06B05F40 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
              Download Yara Rule
              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 06B05F9D
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: 1696c9b22d120ee80e899531c36e0ab20b9df80781a2cb94a965eba92b6e2908
              • Instruction ID: 132d1d95d392a0fdec52dafa8d9a579a4d0aa0b87a566c50640413b2573985ad
              • Opcode Fuzzy Hash: 1696c9b22d120ee80e899531c36e0ab20b9df80781a2cb94a965eba92b6e2908
              • Instruction Fuzzy Hash: A71103B58003499FDB20DF9AD945BDEFFF8EB48310F108459E518A7240C379A544CFA1
              Function 04A7D708 Relevance: 1.4, Strings: 1, Instructions: 140COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: (aq
              • API String ID: 0-600464949
              • Opcode ID: bb1d6fae02267e0f00f5f9e57d72fbe2b8f7627644687d96d540fba05082e177
              • Instruction ID: e93766384bf2ea1ff9695a30461cfe08bafbe20504f747eb2b8acaf083ac28cf
              • Opcode Fuzzy Hash: bb1d6fae02267e0f00f5f9e57d72fbe2b8f7627644687d96d540fba05082e177
              • Instruction Fuzzy Hash: 6B412435B046618FEB2AA77C982456E3BE7AFC57547144879D406CB3D9EF28EC0283D2
              Function 04A74CA4 Relevance: 1.4, Strings: 1, Instructions: 131COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: Haq
              • API String ID: 0-725504367
              • Opcode ID: a0ccb2a3a6bb8b59a7823c53568ebe44fc8325bb884aa52eb7f5dc9805a3e147
              • Instruction ID: 0eed6b07e250e54c4561592733668a0a52927a20edc3f9c1941f2c06243dac30
              • Opcode Fuzzy Hash: a0ccb2a3a6bb8b59a7823c53568ebe44fc8325bb884aa52eb7f5dc9805a3e147
              • Instruction Fuzzy Hash: 0A417E74A007099FCB24DFA9C854AAEBBF5EF89310F10846DE449A7351DB34A945CBA1
              Function 06A19CC0 Relevance: 1.3, APIs: 1, Instructions: 50COMMON
              Download Yara Rule
              APIs
              • CloseHandle.KERNELBASE(00000000), ref: 06A19D27
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID: CloseHandle
              • String ID:
              • API String ID: 2962429428-0
              • Opcode ID: 939972a2d54c6cfc9d1d796f58908675ab4a0b812845ad1118ebbfaa370c2ca6
              • Instruction ID: f822a37e356ef2271141da6fb73590ee2c07ee022b4ec7d8e0329ae977367e33
              • Opcode Fuzzy Hash: 939972a2d54c6cfc9d1d796f58908675ab4a0b812845ad1118ebbfaa370c2ca6
              • Instruction Fuzzy Hash: 5B1113B58002498FCB10DF9AD945BDEBFF8EB48320F24845AD558A7240C378A544CFA6
              Function 06A13C24 Relevance: 1.3, APIs: 1, Instructions: 50COMMON
              Download Yara Rule
              APIs
              • CloseHandle.KERNELBASE(00000000), ref: 06A19D27
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID: CloseHandle
              • String ID:
              • API String ID: 2962429428-0
              • Opcode ID: 39658a4cc298cb838f73abecb39460acb2218dca7fa8f6de38b86e541a369088
              • Instruction ID: 5b785426e84553c55e9e5b8b0e274669eec49146d341b63840cfc19706b2a99d
              • Opcode Fuzzy Hash: 39658a4cc298cb838f73abecb39460acb2218dca7fa8f6de38b86e541a369088
              • Instruction Fuzzy Hash: F01125B1D002498FDB10DF9AD945BEEFFF8EB48320F10846AD519A7240D378A944CFA5
              Function 04A7B4C8 Relevance: .7, Instructions: 731COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ac4413a68de0708a19aebb5c7753d99f42469a40c65457176033b8372de73e6c
              • Instruction ID: 52d6bcd42ceea6ac167a65ef86c513fdca375bdf4c8d12a3727d1f368262a440
              • Opcode Fuzzy Hash: ac4413a68de0708a19aebb5c7753d99f42469a40c65457176033b8372de73e6c
              • Instruction Fuzzy Hash: 10725F71D00609CFDB14EF68C8986ADB7B1FF45304F018699D54AAB265EF30AAC9CF91
              Function 04A78468 Relevance: .6, Instructions: 551COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7e0d3af1f95579260ba79863672bfe47d974358986f2f800fbf123ced6f36f92
              • Instruction ID: bb7280fb4083fc9e96eddaec18a2f47a21333231bda5f2a725fd95ee118f0f42
              • Opcode Fuzzy Hash: 7e0d3af1f95579260ba79863672bfe47d974358986f2f800fbf123ced6f36f92
              • Instruction Fuzzy Hash: E742D531E107198FCB25EF68C8946DDB7B1FF89304F1186A9D459BB261EB34AA85CF40
              Function 04A7C9A0 Relevance: .5, Instructions: 500COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc308dc2bd01f86450471c087e962fd520be255af83b14e798ce00d48708bd91
              • Instruction ID: b50052726b7fa59aaae23526e0c75e27561ba97703b345e85d3acd1790b304a9
              • Opcode Fuzzy Hash: fc308dc2bd01f86450471c087e962fd520be255af83b14e798ce00d48708bd91
              • Instruction Fuzzy Hash: 48221A34A00615CFDB24DF69C894B9DBBF2FF89314F1485A9E80AAB365DB30AD45CB50
              Function 04A78458 Relevance: .3, Instructions: 336COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 14c55e2908c420952eb397fe3be0c658fd038793cd19457eff57eec6a6187582
              • Instruction ID: ef430a000edbf6f204988fa299a2cdf44478ea06ebc7953ddf1f565c66c40ddd
              • Opcode Fuzzy Hash: 14c55e2908c420952eb397fe3be0c658fd038793cd19457eff57eec6a6187582
              • Instruction Fuzzy Hash: DBE1E635E006198FDB24EF68CD946EDB7B1BF89304F1186A9D419AB251EB34BE85CF40
              Function 04A7DE38 Relevance: .2, Instructions: 229COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1e6f2c91e77cd044fd4fd4bc6bbf6cf92d673e6578b7455af9a75cfd53b7d85c
              • Instruction ID: c9cfc9fb47b0674f10218c84dc7b635aefda6cc389aef0ea63606a3b37aead9a
              • Opcode Fuzzy Hash: 1e6f2c91e77cd044fd4fd4bc6bbf6cf92d673e6578b7455af9a75cfd53b7d85c
              • Instruction Fuzzy Hash: A27103317092518FD3269B39CC6466E7FE6AFC6311B1984AAD449CB3E2CF34AC46C791
              Function 04A7AE58 Relevance: .2, Instructions: 197COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c41ead54d3558f94ce7b5243d78f5031500a1f33330161340899b2145a1c9d22
              • Instruction ID: 1e9d7821935425373df53e6c55cb2b21831318393c9406a65e8652c1c96585a9
              • Opcode Fuzzy Hash: c41ead54d3558f94ce7b5243d78f5031500a1f33330161340899b2145a1c9d22
              • Instruction Fuzzy Hash: F791F77190070ADFCB41DF68C884999FBF5FF89310B14879AE819AB255EB70E985CF90
              Function 04A79DB0 Relevance: .2, Instructions: 183COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3f77e0c39a9dd871ba79c25b3b12be48dbd2a8f7e585bdf02ee304cc30a5d3c9
              • Instruction ID: c13208c788e8b066c6027153e978b51b1259702a44f06456504f1bbe22fa7111
              • Opcode Fuzzy Hash: 3f77e0c39a9dd871ba79c25b3b12be48dbd2a8f7e585bdf02ee304cc30a5d3c9
              • Instruction Fuzzy Hash: F871BCB9600A018FC728DF29C58895ABBF2FF8931571589A9E54ACB372DB71EC41CF50
              Function 04A74CDC Relevance: .2, Instructions: 181COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7026039da81fec7e68b00467c06acde821381a64a4754b2f8d282f71906d4cb5
              • Instruction ID: 57d707e9cdf44e30904b937250452f1272ccd30b9a632968260eb5ef2a68aa2b
              • Opcode Fuzzy Hash: 7026039da81fec7e68b00467c06acde821381a64a4754b2f8d282f71906d4cb5
              • Instruction Fuzzy Hash: A851D371E02218EFDB24DFB4E9545AEBFB2FF85304F1184AAE441A7691DB30A856CB50
              Function 04A7D100 Relevance: .2, Instructions: 180COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1347847e5d0a08a0579c5b98e80153352ec8609945e34f8ab07941716b5c1b03
              • Instruction ID: 086669f302afeb1c66cd61414de2f63aeb03a74fb2e4b7824eda1c5f9826a237
              • Opcode Fuzzy Hash: 1347847e5d0a08a0579c5b98e80153352ec8609945e34f8ab07941716b5c1b03
              • Instruction Fuzzy Hash: CA517C307012158FDB29DF69C8989AD7BF6FF89704B1444A9D406EB3A1DB35EC02CB50
              Function 04A7C971 Relevance: .2, Instructions: 180COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dfa78f3b540677977a9cd1fde0bd1adde4d459bbbc57f0070d013296be72f30b
              • Instruction ID: b2e210d9face7993879da7907892dbe87c5410d6a10630204f9a47df6a8d59ff
              • Opcode Fuzzy Hash: dfa78f3b540677977a9cd1fde0bd1adde4d459bbbc57f0070d013296be72f30b
              • Instruction Fuzzy Hash: 46615A306106008FDB14EF78C894B9D7BF2BF89314F1585B9E8469B3A2DB30AD49CB61
              Function 04A79BD0 Relevance: .2, Instructions: 172COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3d216379c54416aaabe97a8651e41955ba99900c3e5e358860e13e3e818724b9
              • Instruction ID: 085929c8775d5e2b726ecdcbdfcc11bdf8e4bf3f2e51671b216413a8bf74e84e
              • Opcode Fuzzy Hash: 3d216379c54416aaabe97a8651e41955ba99900c3e5e358860e13e3e818724b9
              • Instruction Fuzzy Hash: 5071B4B4A002068FDB54CF68D584999FBF5FF49310B5986AAE809DB352D730EC85CF90
              Function 04A7EC48 Relevance: .2, Instructions: 167COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4eacb02ce36eaddc1ec708e8d803a859846be61d21733f929ea8d7ac7846fa1f
              • Instruction ID: 7d9926ce535331f2f2d1e34ba4f6f869a217d61b4d63042adc842a429a071964
              • Opcode Fuzzy Hash: 4eacb02ce36eaddc1ec708e8d803a859846be61d21733f929ea8d7ac7846fa1f
              • Instruction Fuzzy Hash: A351A0707002058FD724DB69C994B6EBBFAEF89304F1484AAE509DB3A1DB75EC41CB90
              Function 04A74524 Relevance: .2, Instructions: 157COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9342b5eb056dd66d744fd7943c3c31d00f5403c34b7e7bb45a8f2477bdc54b5d
              • Instruction ID: 137aafe793b38deeefcb6c9e5027a69fcb473c81c2ad739a6927bcdfb3641c11
              • Opcode Fuzzy Hash: 9342b5eb056dd66d744fd7943c3c31d00f5403c34b7e7bb45a8f2477bdc54b5d
              • Instruction Fuzzy Hash: 32517171E002499FDB14EFA9C954AAFBFF5EF88305F10842AE415E7250DB74A905CF91
              Function 04A7AE48 Relevance: .2, Instructions: 150COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 08217fcf727a502a1aa41a5688142cbb64e229d248a816152297fa3be4d61e32
              • Instruction ID: 7b868edd41b722d74f06d6f59335d530978483ea59b95e5fd0402fc25f322cf0
              • Opcode Fuzzy Hash: 08217fcf727a502a1aa41a5688142cbb64e229d248a816152297fa3be4d61e32
              • Instruction Fuzzy Hash: 3E61087191070ADFCB51DF68C880999FBB4FF49310B14875AE869AB255EB70E9C6CB80
              Function 04A7EC38 Relevance: .1, Instructions: 133COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5e4db1ce2a35ef4e4e31c99b7c0ec750526454b2b678542a46dca418bed082d1
              • Instruction ID: 08b3b0aa4bcc36d3a2b2b4618dc259db8fceec48fe6705aac25ab510e067ead2
              • Opcode Fuzzy Hash: 5e4db1ce2a35ef4e4e31c99b7c0ec750526454b2b678542a46dca418bed082d1
              • Instruction Fuzzy Hash: 7F419F307002059FC725DB69C994BAEBBFAEF89301F1484AAD409DB361DB75EC46CB90
              Function 04A70CE8 Relevance: .1, Instructions: 124COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5e1b6c4823076066b778a01f63a9bac23280fcb43821c095a7c3e40b98721980
              • Instruction ID: b0698e97eb53871bf00b8989081bf255ad210592985f49d5b54d1a1139bcaf44
              • Opcode Fuzzy Hash: 5e1b6c4823076066b778a01f63a9bac23280fcb43821c095a7c3e40b98721980
              • Instruction Fuzzy Hash: 71418D75A04619CFDB25DFA9E8546EDBBF1EB88720F148129D405FB350DB30A841CBA0
              Function 04A7F498 Relevance: .1, Instructions: 121COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4f42decdb08edbfced291b897703f579f751bb282f38c25d7464ccd36039cdfb
              • Instruction ID: 00463845eff9caaea9ec9b4eec11d76541a81a78a53a02d975305886defd3342
              • Opcode Fuzzy Hash: 4f42decdb08edbfced291b897703f579f751bb282f38c25d7464ccd36039cdfb
              • Instruction Fuzzy Hash: 99419575E00114DFEB24EF75C4506EE7AB2EF8C219F14483AD401B7250CB356985DBA5
              Function 04A74ABC Relevance: .1, Instructions: 113COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3ebf8164d4bfcca4940146ce075339cc3260d5fff18a6b0b2d60f8c671a68e53
              • Instruction ID: 906a5f9ad85ef3517b0433a3052a0f637e77a9b875a317d1a76b7ec13007eec9
              • Opcode Fuzzy Hash: 3ebf8164d4bfcca4940146ce075339cc3260d5fff18a6b0b2d60f8c671a68e53
              • Instruction Fuzzy Hash: 184100B1D01309DBDB20CFA9C984ACDFBB5FF59304F64812AD409AB200D7756A8ACF91
              Function 04A790F0 Relevance: .1, Instructions: 109COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 91df9a4cd8d35e2c9c12eccaf788868e05f7b3de2013e758285715d1661a2d41
              • Instruction ID: afe43ce9e12438834975a1dff314b2735e1f2d6ca56f6a72b1d87ca64cd0fdf1
              • Opcode Fuzzy Hash: 91df9a4cd8d35e2c9c12eccaf788868e05f7b3de2013e758285715d1661a2d41
              • Instruction Fuzzy Hash: 5F413D34A10709CFCB14EF78C8949DDBBB6FF89304F018569E515AB365EB70A946CB81
              Function 04A75048 Relevance: .1, Instructions: 104COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2354d5a06911a96c8033925d6f37595ef1ac0c332ee3e9c100407d4310849c2c
              • Instruction ID: 6a2383fffeb4db1d4facf5c3685c9db9406e098d3c3091c74aebeaff46489688
              • Opcode Fuzzy Hash: 2354d5a06911a96c8033925d6f37595ef1ac0c332ee3e9c100407d4310849c2c
              • Instruction Fuzzy Hash: 84310871E002456FEB21EF698D409FFBFF9EFC4304B004156D454E7252EA30AA06CB90
              Function 04A79100 Relevance: .1, Instructions: 101COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7bd3d39b919733b095e9f36c7a1c683208a52c68ef7690ed5bb1d31821bc2e7a
              • Instruction ID: a16aacca0d8c3cb64f2b0e2800bf892f1cd70293805b9207c1ddd8e762a0daa2
              • Opcode Fuzzy Hash: 7bd3d39b919733b095e9f36c7a1c683208a52c68ef7690ed5bb1d31821bc2e7a
              • Instruction Fuzzy Hash: C7413D34A10709CFCB14EF78C89499DBBB6FF89304F008569E515AB325EB71A945CB81
              Function 04A749B0 Relevance: .1, Instructions: 100COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e0391b2c46d7dbe195368e7f60be186b618e1cb41e7ed000b63dafa7cd63d598
              • Instruction ID: 51c762f4a2f80aaeda1040cc84018a22b98c42cdfb7e7a5ba0a860f1937acaff
              • Opcode Fuzzy Hash: e0391b2c46d7dbe195368e7f60be186b618e1cb41e7ed000b63dafa7cd63d598
              • Instruction Fuzzy Hash: D13108746043059FC711EF78C8554AEBFF6EF89300B1189AAE945DB361EB34EE098B91
              Function 04A79BC0 Relevance: .1, Instructions: 100COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 426f8fd0396d06702cf9143cf8f1637d1c7731dea21a0f87965ba7e3f625b1ae
              • Instruction ID: 9afb1d16b25088b8c494bcca1cb870532ee64020eafbd743e60d0e08127d5940
              • Opcode Fuzzy Hash: 426f8fd0396d06702cf9143cf8f1637d1c7731dea21a0f87965ba7e3f625b1ae
              • Instruction Fuzzy Hash: 71410AB4A012469FDB65CF28C98499AFFF5FF49300B1986AAD849DB352D730EC45CB50
              Function 04A74564 Relevance: .1, Instructions: 99COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e59f14950bb462d9d5086f35d591d05b69ed91f71cbd8626cf9a59c3f3d467c
              • Instruction ID: abc7ec86e7ada7f51ea148c7f1cd7851928a1e18ca515fcfa9db89573e06d5c0
              • Opcode Fuzzy Hash: 9e59f14950bb462d9d5086f35d591d05b69ed91f71cbd8626cf9a59c3f3d467c
              • Instruction Fuzzy Hash: 5B41D1B1D04309DBDB20CFA9C984ADDBBF5BF59304F64812AD409BB210D775AA86CF91
              Function 04A76D77 Relevance: .1, Instructions: 96COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 68fc739ba9d11517eaf935e9f99ea8246c0f5b3406477029ca09bcfc29488bf9
              • Instruction ID: 01fcd7c6398e6527d43f155365bbfb9b458d5c5c58402f74020a28176e94aba6
              • Opcode Fuzzy Hash: 68fc739ba9d11517eaf935e9f99ea8246c0f5b3406477029ca09bcfc29488bf9
              • Instruction Fuzzy Hash: 3D410A75A0020ADFCB44DF68D9849DEFBB5FF49310B14C669E918AB311E730A986CF90
              Function 04A73A40 Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4651ad36f4f5863cae3c937562ce2abcc5ca3752752ee4904f8dcbf4b1305a9f
              • Instruction ID: e1f4e80057a8495f5ef6a79f81c1059ffbc22a87e2e596a27e72282b6993500f
              • Opcode Fuzzy Hash: 4651ad36f4f5863cae3c937562ce2abcc5ca3752752ee4904f8dcbf4b1305a9f
              • Instruction Fuzzy Hash: ED41B2B0D10359DFDB24CF9AC884A9EFBB1BF89714F10812AE418BB250D7746845CF95
              Function 04A7F48B Relevance: .1, Instructions: 93COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a38eaf652491530c0f8e72e018b0e8390940b2fa4ceb302123b3e33633785602
              • Instruction ID: 7a188c2ca73dcc4f8ad7d404cc534fbddd20f96e8fadef88a97a7a4b367dc203
              • Opcode Fuzzy Hash: a38eaf652491530c0f8e72e018b0e8390940b2fa4ceb302123b3e33633785602
              • Instruction Fuzzy Hash: 8231D771E00214DFEB38DF79C4502AD77A2EF8C219F544879D401B7240DB359A46CBAA
              Function 04A76D88 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4765afa0533b61c21788c031dcdc2ca51b70e85a10827dcdf4bd69069c37c459
              • Instruction ID: 61837ba7d4570feb92073ffc9e92f93df7bb13a44fb262030b5d06d5f5eeb295
              • Opcode Fuzzy Hash: 4765afa0533b61c21788c031dcdc2ca51b70e85a10827dcdf4bd69069c37c459
              • Instruction Fuzzy Hash: 13410775A0020ADFCB40DF69D88499EFBB5FF89314B14C669E918AB311E730E985CF90
              Function 04A78FF8 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 390fd32378aafa9ed1acfe94eda1da07a8c37e699062e9311e804812b4702437
              • Instruction ID: f68feef3ae90515b893a412c6ff3174800fd6c88c22c645a1437139bcaeb7fee
              • Opcode Fuzzy Hash: 390fd32378aafa9ed1acfe94eda1da07a8c37e699062e9311e804812b4702437
              • Instruction Fuzzy Hash: 7B318A35A002299FDF14EB68D85089DB7B6FF88218B018669E506AB310EB31BC42CBC0
              Function 04A76604 Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c6de799d857dd15e9351b99ffb8d9822cfe5bcbf1e65e7a688c6373e85dada5
              • Instruction ID: 87e91f53e4f681c64e7e44eb659b75615d85770d78cd169a40e02f0dd7d88caa
              • Opcode Fuzzy Hash: 7c6de799d857dd15e9351b99ffb8d9822cfe5bcbf1e65e7a688c6373e85dada5
              • Instruction Fuzzy Hash: 4A2171363102018FD7259B2CCC98A697BE5EFC5711B1984BAE50ADF3B6EA35EC018790
              Function 04A749C0 Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8f307aff80e49cbe7c13f5c0349058aaba806260a3f3f1c4928f901df07efc78
              • Instruction ID: 0e9dde25c2c7c5dbddfbac09e04a22f750a7db19f3e3ddbcac673a763012455e
              • Opcode Fuzzy Hash: 8f307aff80e49cbe7c13f5c0349058aaba806260a3f3f1c4928f901df07efc78
              • Instruction Fuzzy Hash: 403105716043058FCB21EF38D89449BBBF6FF8530471588AAE909DB751EB71EC0A8B91
              Function 04A7D5A4 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eb0d925863bc362e1127317d723d02dd10840a6d7b32cc5e2c4a574386375113
              • Instruction ID: fbd652ff8e67ed1e86fc37d1a824b0c69fb90faa5a792b385e8ff6e7455b6309
              • Opcode Fuzzy Hash: eb0d925863bc362e1127317d723d02dd10840a6d7b32cc5e2c4a574386375113
              • Instruction Fuzzy Hash: 6B310579A20219DFDB24DFA9D894DADB7B5FF88700F1185A9E815AB320D730A800CF90
              Function 04A7D20F Relevance: .1, Instructions: 84COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fbda6070b77fb60fbc60038ad9fbce5903975164ad2d01c08076e6d6611c80e6
              • Instruction ID: cf79a5ef00af9f5fd15f4cee6f43b211bfbd02a47194e349c18ec2a1ba19c942
              • Opcode Fuzzy Hash: fbda6070b77fb60fbc60038ad9fbce5903975164ad2d01c08076e6d6611c80e6
              • Instruction Fuzzy Hash: 3021DE707093418FC7169B78D89896E7FA2EF8621071845BAD05ACF3A2DE34EC07C750
              Function 04A75410 Relevance: .1, Instructions: 80COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 73a1c0e32b8167cd42c34ca788e63fa7bdc7542520709eee6d7bdaddab020f0c
              • Instruction ID: 2f53596a8389e1125649b857bc24ca4042eb6a0121b234d0f3b9fbc7b3ff8636
              • Opcode Fuzzy Hash: 73a1c0e32b8167cd42c34ca788e63fa7bdc7542520709eee6d7bdaddab020f0c
              • Instruction Fuzzy Hash: 442164B2E043486FD711DB69D8147DEBFF0EF85310F14805AD448E7252CBB8A80ACBA2
              Function 04A7DF00 Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fdfcfb7366bcefc8c8890e50c310f4f191eee3521ebafeeca040fea59c00b1fd
              • Instruction ID: 6d5c5c59c29aee0808ebaa04bceb6c9997cb14e6e9031acc20f490cc849d795f
              • Opcode Fuzzy Hash: fdfcfb7366bcefc8c8890e50c310f4f191eee3521ebafeeca040fea59c00b1fd
              • Instruction Fuzzy Hash: B521A17570A6808FC3228B39DC95955BFB1AF9762571A40EBE445CF3F3DA20AC0AC711
              Function 04A7F750 Relevance: .1, Instructions: 77COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e981decc61cbd94cf59ee9bd077df49d411536de619e57c00c2618165c214dd3
              • Instruction ID: 27e2077b9e2d988adde72a96368d33f5b78d57276b79614acb01f42531d36a06
              • Opcode Fuzzy Hash: e981decc61cbd94cf59ee9bd077df49d411536de619e57c00c2618165c214dd3
              • Instruction Fuzzy Hash: 2A21B575E10205EFDB15DFB4D8949DEBBB2FF89304B454525E001BB221EF34A94ACB91
              Function 0055D3D8 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2148564731.000000000055D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0055D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_55d000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a028873e8a3d412daf28725039b3075aca3e9e7d7c8dcef9b507a6d926719d0b
              • Instruction ID: 2223854f0aa682f6596fcdc4ac14cd8321ce69c4ba0f1e00ad6ebd48c063cf80
              • Opcode Fuzzy Hash: a028873e8a3d412daf28725039b3075aca3e9e7d7c8dcef9b507a6d926719d0b
              • Instruction Fuzzy Hash: 012102B2500200DFDF14DF04D9C0B26BF75FB94315F24C56ADC090A246C37AE85AC6B2
              Function 0055D4C4 Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2148564731.000000000055D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0055D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_55d000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 177ba22ebc957f047a3cef18ac62357b9b8b998bc29d024eb7678127f3758dac
              • Instruction ID: bb107c8c6d24a8da994450a33ac56fc79405ca45e2ccd052b4dee2722bdc3ad8
              • Opcode Fuzzy Hash: 177ba22ebc957f047a3cef18ac62357b9b8b998bc29d024eb7678127f3758dac
              • Instruction Fuzzy Hash: F12121B2500240DFCB21DF14D9C0B26BF75FB88319F34C56AEC090A246D336D85ACAB1
              Function 04A74660 Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eed38efbd5460f6fa2b630d8d2ba2a79f2616876d622a79b184054e790dd5d0f
              • Instruction ID: 5090213c3e9cfee0d0a52f4a936f7ac479f0b1bd8310f05e4935e7372125d907
              • Opcode Fuzzy Hash: eed38efbd5460f6fa2b630d8d2ba2a79f2616876d622a79b184054e790dd5d0f
              • Instruction Fuzzy Hash: 5A21C575E002198FDF14DFB989909FEBBF6EF89200B14452AD505F7251EB349906CB62
              Function 0056D1D4 Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2148736314.000000000056D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0056D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_56d000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b738556d161b39ea812f0f3bbf02fa1215c20bb69353fc438caac03628a87f2
              • Instruction ID: c39ac8e767b9d24354210fd2e69de37015ff25e3df3dfda3e41d331e05e29586
              • Opcode Fuzzy Hash: 2b738556d161b39ea812f0f3bbf02fa1215c20bb69353fc438caac03628a87f2
              • Instruction Fuzzy Hash: F521C1B5A04240AFDB05DF14D590B25BFB5FB84314F24C969D8094B251C73AD846CA71
              Function 0056D01C Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2148736314.000000000056D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0056D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_56d000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c25a88ce9c5695193e37491d478cbc5a4badbe71e616c22f29bdbd9515db5e17
              • Instruction ID: 9ec2c05a60df68983713e7c27ed7d3e50bb642947c6e1fb058bd25057d5cb5f3
              • Opcode Fuzzy Hash: c25a88ce9c5695193e37491d478cbc5a4badbe71e616c22f29bdbd9515db5e17
              • Instruction Fuzzy Hash: 5521C175A04244DFDB14DF14D588B26BFB5FB84324F24C969D80A4B246D33AD846CA71
              Function 04A77620 Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 109f607e076e71338100bc429df15d60c0da8337f212bf3073dd8543843e7b4a
              • Instruction ID: 462c25f7df45a7bb9f92d9d8c7e5132fb0aaab25832a4013f780a551e898ab34
              • Opcode Fuzzy Hash: 109f607e076e71338100bc429df15d60c0da8337f212bf3073dd8543843e7b4a
              • Instruction Fuzzy Hash: 71115C31B012619FCB31AB6C889557D7FE6DFC4B1170940BAD809AB756CB24AD02C7E1
              Function 04A7E940 Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ab2f3089ab86b6d8d8a71b6bc092da742cf0bbf0a444c837b1fa7b45d0a30121
              • Instruction ID: b8cd4463c5648427945c51eb2733edb517f9acee0e68a281cf376f1fcb3c4740
              • Opcode Fuzzy Hash: ab2f3089ab86b6d8d8a71b6bc092da742cf0bbf0a444c837b1fa7b45d0a30121
              • Instruction Fuzzy Hash: F7115E362093C45FDB225B795C506FE3F719F86204F18849BE449CA243C93E984BD761
              Function 04A758BC Relevance: .1, Instructions: 71COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa902260e4354350c95069d4869abe8556d3f5f5ca8deef1a4fa8dfb6daed425
              • Instruction ID: 0bba01280d9b488f66df382cf474280a4c5af8b63f0c3176cd811ec861d45635
              • Opcode Fuzzy Hash: aa902260e4354350c95069d4869abe8556d3f5f5ca8deef1a4fa8dfb6daed425
              • Instruction Fuzzy Hash: 4F117672B052405FDB22ABF99C505EEBFB5EF89224F14045BDA05E7352CB341E12C792
              Function 04A7C008 Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fdbb591ab294ab4cf7b920b7a1f96d318abf55eceb595d6e0cbc283d117fbc8d
              • Instruction ID: 7c140976890d3754a5a739d0f3c6115f7bdf96eefca876f21242231775064c98
              • Opcode Fuzzy Hash: fdbb591ab294ab4cf7b920b7a1f96d318abf55eceb595d6e0cbc283d117fbc8d
              • Instruction Fuzzy Hash: 44215331A00609DFDB10EF6CD84099DFBF5FF49310B50C26AE958A7204EB31A959CBD1
              Function 04A77A08 Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2cd1f6eb743f34ee1e284361a51e92ea34a24d12d1dade8615f41f752a448ab0
              • Instruction ID: db4fc5e9cb13a23516bc729b25d9a5cda6294c111bf5dd63a0cd7b9ba72f70d5
              • Opcode Fuzzy Hash: 2cd1f6eb743f34ee1e284361a51e92ea34a24d12d1dade8615f41f752a448ab0
              • Instruction Fuzzy Hash: 9311253A30A2508FDB348B3AAC50ABE37E68FC671170D01BFE446C7692DA24F942C351
              Function 04A76514 Relevance: .1, Instructions: 64COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 44a791152a2a3e4488105b6378b90463ce9778df0f200719cc0e6896c4bf1586
              • Instruction ID: 79388467437ad491507c09a132c5e8c9fe4e82984da874d7f75931126eb5c0f8
              • Opcode Fuzzy Hash: 44a791152a2a3e4488105b6378b90463ce9778df0f200719cc0e6896c4bf1586
              • Instruction Fuzzy Hash: 7F118E763416018FAB38CB2ACC8097A77EAEFCA771709847AE446C7660DF24F841C650
              Function 04A75170 Relevance: .1, Instructions: 64COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2e64c5b23f7f731260d92ce4cdc278dad63654dfc1cae529df3b99167336540d
              • Instruction ID: a8a2ffd1c5cf99219e4ce8177dde6ff4ca2139abbb654ec76cb4ae5beed6143d
              • Opcode Fuzzy Hash: 2e64c5b23f7f731260d92ce4cdc278dad63654dfc1cae529df3b99167336540d
              • Instruction Fuzzy Hash: E42129B6D006489FCB20DF9AD844ADEFFF4EB88321F14C01AE859A7600D374A645CFA1
              Function 0056D006 Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2148736314.000000000056D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0056D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_56d000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a1480173b8061902b5f7c3e7c42a890b5becf1d68d6793764019a75687ae8aa8
              • Instruction ID: e7b03acaa3af2d235b6b21152ecbfa78c7f975a5bdff8a5f37c35a1d10755727
              • Opcode Fuzzy Hash: a1480173b8061902b5f7c3e7c42a890b5becf1d68d6793764019a75687ae8aa8
              • Instruction Fuzzy Hash: B12150755093808FDB12CF24D994B15BF71FB46314F28C5DAD8498B6A7C33A980ACB62
              Function 0055D3D3 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2148564731.000000000055D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0055D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_55d000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
              • Instruction ID: 53c0761693cd0410ae5af52e0053de7d9be03c7ad0721aaa51c59d7149820536
              • Opcode Fuzzy Hash: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
              • Instruction Fuzzy Hash: AA11CD72404240CFDF16CF00D5C4B16BF72FB94324F24C2AADC490A656C33AE85ACBA1
              Function 0055D4BF Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2148564731.000000000055D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0055D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_55d000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
              • Instruction ID: 63afeab16df5a0e120bc367c0c601b37de3a039b7ff0a38ea5512fe50e68a850
              • Opcode Fuzzy Hash: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
              • Instruction Fuzzy Hash: 0A11E676504280CFCB16CF14D5C4B16BF71FB94314F24C6AADC490B656C33AD85ACBA1
              Function 04A77AB8 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6dd7d33ab94e4584106bfda0ed06598d6906e1c162dfbc4953a3caf5891edd83
              • Instruction ID: 3cb43c1f9222c224b34e0425e71a626fa00fb01f42659e921d1b18337c766ec7
              • Opcode Fuzzy Hash: 6dd7d33ab94e4584106bfda0ed06598d6906e1c162dfbc4953a3caf5891edd83
              • Instruction Fuzzy Hash: 331182363042014FD7249F1CCCD5AA93BE2EFC9710F1984BAE54ACF3A6D635E8018790
              Function 04A763F4 Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6270a22fa092f422859834a8780f444241767e327a0195b7691244dc0ab11856
              • Instruction ID: c1ecf4e5254f2a218054277aa6a33f15a5359efac097d44e22ad71737e2bbabe
              • Opcode Fuzzy Hash: 6270a22fa092f422859834a8780f444241767e327a0195b7691244dc0ab11856
              • Instruction Fuzzy Hash: A121D3B5D002499FDB20DF9AD844ADEFBF8EB48320F54841AE919A7210D374A954CFA1
              Function 04A712A8 Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 69fe3f84cd02ce61a8ede87ed2675476b51f19076f8f7d1ed9be83a1132e1706
              • Instruction ID: dafcad497ddfe7b8cf94b1eb1ecf6b1fa6a766654567895e89445757f5b4eea2
              • Opcode Fuzzy Hash: 69fe3f84cd02ce61a8ede87ed2675476b51f19076f8f7d1ed9be83a1132e1706
              • Instruction Fuzzy Hash: 1A118F35A00205DBEB24EBA9D5147DEB7F2EBC4304F104479D505AB790DB75AD05CBA2
              Function 0056D1CF Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2148736314.000000000056D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0056D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_56d000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
              • Instruction ID: 26837be7a14d11223060271b09c09c42ba8c1b2f3eb6248b811754c7cec19416
              • Opcode Fuzzy Hash: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
              • Instruction Fuzzy Hash: 1D11BB79A04280DFCB12CF10D5D4B15BFB1FB84314F28CAA9D8494B696C33AD84ACB61
              Function 04A7462C Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 74c4374941e90adb8e218baa0f92a8b67650915afaa952cd1732dcfa5b7b38f7
              • Instruction ID: 0e256212395127e948e751d9fb3f9b956f73d2710bf27f379f3737b268d915f9
              • Opcode Fuzzy Hash: 74c4374941e90adb8e218baa0f92a8b67650915afaa952cd1732dcfa5b7b38f7
              • Instruction Fuzzy Hash: A911F3B1D042499FDB20DF9AD844ADEFBF4EB88310F14841AD459A7610D3B8A945CFA5
              Function 04A75368 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4a903798cda10c08ed4781da7ed33d5210ce1c989c046e61c4d2c3f1609dd86a
              • Instruction ID: 55971455bfe27a478f02cc09e56023aab1b8c6e4d56068911a354734351de343
              • Opcode Fuzzy Hash: 4a903798cda10c08ed4781da7ed33d5210ce1c989c046e61c4d2c3f1609dd86a
              • Instruction Fuzzy Hash: 6811F6B5C002499FDB20DFAAD445BDEFBF4EB49310F14841AD858A7610D3B8A545CFA1
              Function 04A74F44 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 48387fa9007697e2eaa1b5c1367e1862f2e417cf7e43a435ebf41a4f1a821152
              • Instruction ID: 083782c0cff1f82ac31502939c4f654253a2363edfe9229927ff22a005d20caa
              • Opcode Fuzzy Hash: 48387fa9007697e2eaa1b5c1367e1862f2e417cf7e43a435ebf41a4f1a821152
              • Instruction Fuzzy Hash: 5011F3B1D043499FDB20DF9AD844ADEFBF8EB88310F14841AD459A7610D3B8A945CFA5
              Function 04A71B89 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3203df911882ef20ae5a8303161047ab19b90d53c772c9f350c5688f32f2c880
              • Instruction ID: 84cb18378bed5c09bc1be4bd7a7cae2b9c8c56868722b020fdac2bf72fa951cc
              • Opcode Fuzzy Hash: 3203df911882ef20ae5a8303161047ab19b90d53c772c9f350c5688f32f2c880
              • Instruction Fuzzy Hash: AF01AD74A00205DFDB04EF68C959AAB7BF6EB88300F048469E002AB345DE759C04CFA0
              Function 04A763DC Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fcde6c851c7ec71bf9d1ab366c1f247b7898c51bcc7d5a715d35da6c39e99fea
              • Instruction ID: a4e7f2c74af281b68f72688c70396bdbb85348fb1e62e319b5c228fdbc78a351
              • Opcode Fuzzy Hash: fcde6c851c7ec71bf9d1ab366c1f247b7898c51bcc7d5a715d35da6c39e99fea
              • Instruction Fuzzy Hash: 661122B1D007089FDB20DF9AD848B9EFBF4EB48320F20841AD519A7200C378A944CFA5
              Function 04A7680B Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 31589f481bf71adf94d2515cbfe98355d29aba7407dfbf6f03e97f82f3f05467
              • Instruction ID: 46123a105c0f77b9aa536568afda4ef10698da40acc61b77d7886ba49215676f
              • Opcode Fuzzy Hash: 31589f481bf71adf94d2515cbfe98355d29aba7407dfbf6f03e97f82f3f05467
              • Instruction Fuzzy Hash: 491103B5D002498FDB20DFAAD889BDEFBF4EB48320F10841AD519A7600C378A545CFA6
              Function 0055D745 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2148564731.000000000055D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0055D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_55d000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ec52dde6580a37d65e1da9990d49e36cba64e95cb2052ab7db65debc0ea76870
              • Instruction ID: 4977c8cd4b9def430fa2286b1ebd7b6b3ea53515ba95cecec33b2f37996bdd24
              • Opcode Fuzzy Hash: ec52dde6580a37d65e1da9990d49e36cba64e95cb2052ab7db65debc0ea76870
              • Instruction Fuzzy Hash: 9D012B720143409AE7308F15CDD4B27BFB8EF49322F28C91BED080A286D3799849CAB1
              Function 04A7F522 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 873eb03040ea64d2d3e111e5f746659642e2361ea75e114213fb145ba320baf1
              • Instruction ID: 6c7f2284bab705014ff7306495b93255ae49658d100661bc6939e93ba1c2dc7c
              • Opcode Fuzzy Hash: 873eb03040ea64d2d3e111e5f746659642e2361ea75e114213fb145ba320baf1
              • Instruction Fuzzy Hash: 4E018071E00109DFEF38AFB5C8543AD7AB2EF4C705F144879E401B6280CB785A85DBA9
              Function 04A7D280 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7491b7273a2135f6b327392958a6e3eb194baa758f72c3dd82e6c16e2ef9f0f0
              • Instruction ID: 435d70814cb22ddd1fb38cc0153c2f231c18748cc21a94281ea02cdaa1ab4a79
              • Opcode Fuzzy Hash: 7491b7273a2135f6b327392958a6e3eb194baa758f72c3dd82e6c16e2ef9f0f0
              • Instruction Fuzzy Hash: FE0171347002118FD315DB69E88896ABBEAFFC8215724856EE41A8B361CF71EC05C750
              Function 04A796F8 Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1115af2f393bd173c55ceadd30701e759a318bb4ca02853056100a9652e6c247
              • Instruction ID: 2402bf03841f82d752fc3ab4c73013d7413e7abf0c7072ef3d6e964fd430b482
              • Opcode Fuzzy Hash: 1115af2f393bd173c55ceadd30701e759a318bb4ca02853056100a9652e6c247
              • Instruction Fuzzy Hash: 0501F235A00700CFDB226B3489105FE7B35EFC1610F0586AEC4896B252DF30A842CB81
              Function 04A79329 Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 21408892c5454e85f981b767e5661632b89631e1af9db179086680e50cbf9044
              • Instruction ID: 00a339fe30dd1b1dd65df09c5dc3ef9494d41e802669241e8d6b6c7c74126082
              • Opcode Fuzzy Hash: 21408892c5454e85f981b767e5661632b89631e1af9db179086680e50cbf9044
              • Instruction Fuzzy Hash: 1B019E70601B018FE325EF34C8405AA7BB5AF85305F04C96ED5868B2A1EB30F946CB81
              Function 04A79338 Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09558bf5daf6255da46e9f3bb36251067adfb0470cf2adf8c56e78ebdd6dfa2e
              • Instruction ID: 0bbf637b8047bef65ee296e22028233a78607a88e835797739d5fcc3a2fac0f7
              • Opcode Fuzzy Hash: 09558bf5daf6255da46e9f3bb36251067adfb0470cf2adf8c56e78ebdd6dfa2e
              • Instruction Fuzzy Hash: 58014C71600B058FE735EF39C8009AA77F6BF85319B15C96ED8468B2A0EB30F941CB80
              Function 04A776F1 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4059442ebb985dcc51bdf721427ebe40c6d408b32f729c6d21bc0d48c0574645
              • Instruction ID: c97cc319ea804d2946370c8242a82bdd7cfca244707bffe78dceff4663ff706a
              • Opcode Fuzzy Hash: 4059442ebb985dcc51bdf721427ebe40c6d408b32f729c6d21bc0d48c0574645
              • Instruction Fuzzy Hash: A601A43E3506008FCB38DB28D89496A37A2EFCA71472941AAD406CB365CA31EC42CB50
              Function 04A79779 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ea8610d9bb4f2f5f9ebc30f134e5b94aeba7e5705c9dd87451eaa22c0ab95063
              • Instruction ID: 64442358ab618f0a5678fc4b09a4ebcd875ea3313ffa257d27735261aa9126b9
              • Opcode Fuzzy Hash: ea8610d9bb4f2f5f9ebc30f134e5b94aeba7e5705c9dd87451eaa22c0ab95063
              • Instruction Fuzzy Hash: 4DF0F679601600DFD7319B2AD48866ABBBBFFC5712B11455BE40697761DB31EC83CB80
              Function 04A7693F Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d74bbf636fcdfeb6424d3b6dfd49955cd11d4d668313d3a65ca5114829903729
              • Instruction ID: 9d18d4914ad8955b1177c052f25111394b9f21c81e258418a1ab052f6b44232b
              • Opcode Fuzzy Hash: d74bbf636fcdfeb6424d3b6dfd49955cd11d4d668313d3a65ca5114829903729
              • Instruction Fuzzy Hash: 2BF0D1B004E7806FC7368B349C509A2BFB8DE43224719449EDCC4CB153D521A80AC322
              Function 04A77908 Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dee6767cf2d9ff6944c81f8d0c3dc465df805e23958a0a5b4de67775d7c9faab
              • Instruction ID: 187e015e9d46fd0ea62b17cc0e5f49bb6db561d66258a61601f1d6a5161051c9
              • Opcode Fuzzy Hash: dee6767cf2d9ff6944c81f8d0c3dc465df805e23958a0a5b4de67775d7c9faab
              • Instruction Fuzzy Hash: 9CF0F6353015104BDF3AAB399960ABD67A2DFD9724B04406DD805CB396DE24ED07D741
              Function 04A765E4 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0784dc015430e713aa67a59e58ad5ca7091463f9c4572070f85fb7be416658bb
              • Instruction ID: 865e6ee5564f32b1eb29039bc9b4861972b018535f311b5b88f3697775c4d0de
              • Opcode Fuzzy Hash: 0784dc015430e713aa67a59e58ad5ca7091463f9c4572070f85fb7be416658bb
              • Instruction Fuzzy Hash: 4DF0E9393065119BDBB89B3F8C50F7A32E99FC6725704443AE402C3252DE20FD45D694
              Function 04A7D5C4 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93abaa5efbe5fdf859f229d059f56882998f25b3482942c51ffeb7e28a20ab92
              • Instruction ID: 7c0e3ec762cb31064931e4d3f789945c7cee2d85eb61e372977f094bf1556eea
              • Opcode Fuzzy Hash: 93abaa5efbe5fdf859f229d059f56882998f25b3482942c51ffeb7e28a20ab92
              • Instruction Fuzzy Hash: 0AF02B363001442BDB159F6D8C808BF3E9BDFC93147044815FA068B241CE35EC11A7A0
              Function 04A77700 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 13f2068e6024629d897e280d645025c1a7e453f55e8f2688980c8ed06cbfcaf0
              • Instruction ID: 3ab7c683e54ef6fe2cb374a0ff9ae45ad1f57a5b25b5dcfc7b10a7454def2e48
              • Opcode Fuzzy Hash: 13f2068e6024629d897e280d645025c1a7e453f55e8f2688980c8ed06cbfcaf0
              • Instruction Fuzzy Hash: 41F0963A3506108FC738DB39C84096A33A6FBCA72472941A9E412CB374CB35FC41CB90
              Function 04A758E0 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3dc5b91e44effb6912181e2965fdb486644f64136855a3165ed4746751bf2fde
              • Instruction ID: 1c8b71587c7e6e7afddbce9b93883d50866606d194108fc1c1ad89d905ac5084
              • Opcode Fuzzy Hash: 3dc5b91e44effb6912181e2965fdb486644f64136855a3165ed4746751bf2fde
              • Instruction Fuzzy Hash: EDF09071B001246B9F25B7E99D509BFBFBAAB8C614B100529EA05A7340CF312A1187E9
              Function 04A7799F Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af58160dfc2978f221b0bc0d49f97706c89f5227ca13d25441a5f8f000ed8a9e
              • Instruction ID: 42139b6d338ea51ade70d99a2e7670a766ef125c2d2b97258dd3f242a9a9c36d
              • Opcode Fuzzy Hash: af58160dfc2978f221b0bc0d49f97706c89f5227ca13d25441a5f8f000ed8a9e
              • Instruction Fuzzy Hash: A3F0F03930A2508FDB345B3AAC90B7E27A54FC6A2570901AFE042C7693DA20F942D350
              Function 04A7FCD0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: abd49d42d8eefb497e3991425593c852417680a407d19f6b6908b5751b74bba2
              • Instruction ID: 16413432764541b3e860ae6715f73cb6da2368da7238587ca5b44c7f515cd22f
              • Opcode Fuzzy Hash: abd49d42d8eefb497e3991425593c852417680a407d19f6b6908b5751b74bba2
              • Instruction Fuzzy Hash: 8FF0C235A043549FCB29AB74A8585AE7BB6EFC5315F21C8AEE446CB342CE349C06CF50
              Function 04A79708 Relevance: .0, Instructions: 37COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5fd7f67a8d23cba85f34108d7bdb6b906ae21b81b4e1cfa75c9e23ea80346b66
              • Instruction ID: 7265c8bec1f718f9c046268a909b84953ad1b08a4340d7683009ba78f63c02fe
              • Opcode Fuzzy Hash: 5fd7f67a8d23cba85f34108d7bdb6b906ae21b81b4e1cfa75c9e23ea80346b66
              • Instruction Fuzzy Hash: D9F0CD39A00704CBDB25BB78CD105BEB779EFC1610F04866ED9492B202EF70B9828AD5
              Function 04A79B10 Relevance: .0, Instructions: 37COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 97d1d5cc0ffb3d88fa8a59fe18434ae8ff00c3805081975c910a351fb052e413
              • Instruction ID: 282cc687299b1234857e09ff0050b0f99a3e1f2d1f25c6c8d615886bfbc88650
              • Opcode Fuzzy Hash: 97d1d5cc0ffb3d88fa8a59fe18434ae8ff00c3805081975c910a351fb052e413
              • Instruction Fuzzy Hash: F6F054723006154FDB149F6AE89485ABBEAEFD4265310463AF50AC7221CF65ED068790
              Function 0055D744 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2148564731.000000000055D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0055D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_55d000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9d56b57ad7381d4d65f92a6bcf96b2e39acd8de8a68b0597657dacb9a7cad4ae
              • Instruction ID: 8632cb9b96b3a3293320ff3b0ecdcca5c0c353383b54c0abb93ba8e66ba10012
              • Opcode Fuzzy Hash: 9d56b57ad7381d4d65f92a6bcf96b2e39acd8de8a68b0597657dacb9a7cad4ae
              • Instruction Fuzzy Hash: FCF06272404344AEE7208E15DD88B62FFA8EF95735F18C45BED084A696C3799844CBB1
              Function 04A7C7A1 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 19ca0169ce6106187003594ab83093aed2afb36414094cdfd1b7e7445154244d
              • Instruction ID: 5dc087e666215e3f3411b55f12152e38a3f6d47168da645db97b5880a87fa1f9
              • Opcode Fuzzy Hash: 19ca0169ce6106187003594ab83093aed2afb36414094cdfd1b7e7445154244d
              • Instruction Fuzzy Hash: 56F0A77A7052418FDB248B2EDC989653BE5AF8672131E40AEE406CB772DF20EC42C710
              Function 04A76CD8 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5626e573d3bea512974766923e6b9999bea36ec929f634ff37bb991fb4a11c41
              • Instruction ID: 771d98d811f5c732d1497e33c6624faacb9112d53d9c95d35129927aeb26dc6b
              • Opcode Fuzzy Hash: 5626e573d3bea512974766923e6b9999bea36ec929f634ff37bb991fb4a11c41
              • Instruction Fuzzy Hash: F701A271E00609DFCB40EFA8C5859ADBBF0EF49200B1485AAE859EB221E7709A44CB91
              Function 04A77918 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c814b8239ba08ae356b4bb0adb83662c4ae75fe9cd8e5a06e67f9ef7e3ad282d
              • Instruction ID: edca96e0e8c65cf833f35e29aa0923952c2999818e936ad62bf8cd15ca387ba2
              • Opcode Fuzzy Hash: c814b8239ba08ae356b4bb0adb83662c4ae75fe9cd8e5a06e67f9ef7e3ad282d
              • Instruction Fuzzy Hash: BCF082353009204BDB79AB399924B3E72969FD9A24B14407DD405CB399DF34FC06D795
              Function 04A79B67 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e7d6da6c9257895a6b08e5d8091b9666409e254a0705caa957f6442fb3b39eaa
              • Instruction ID: 1ba6e6006bbe0d43f727b1f8b362ecd5145d2e72a185db2329ece051182044c5
              • Opcode Fuzzy Hash: e7d6da6c9257895a6b08e5d8091b9666409e254a0705caa957f6442fb3b39eaa
              • Instruction Fuzzy Hash: 5DF04434201610CFC329DB29D598D857BF1FF4AB1531285DAE44ACB372CB62EC82CB40
              Function 04A74648 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 10043eaf458f6f2d854e7d2603d6b44ed6f0a4b771f90bc73084531a5c8af77a
              • Instruction ID: 2017284b47402f4933bb16d1f73874ac229212ee429c4083b964147e0a30c4e6
              • Opcode Fuzzy Hash: 10043eaf458f6f2d854e7d2603d6b44ed6f0a4b771f90bc73084531a5c8af77a
              • Instruction Fuzzy Hash: 2CF0EC3170012627D304EB6ED41456FB79AEBC4710B408C2BE51E87280DF64BD0547D6
              Function 04A7FCE0 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8eccfb9035da6e47885fed5015f3cc552add5caaf128cf049ce753e40b7cfc8
              • Instruction ID: 21175df828587abbefefb1909d76e01f99fc7fa5d6750ac16a05a124b32c2de6
              • Opcode Fuzzy Hash: e8eccfb9035da6e47885fed5015f3cc552add5caaf128cf049ce753e40b7cfc8
              • Instruction Fuzzy Hash: 0CF05E31B003259FCB28AB69A81852E7BAAEBC4315F10C82DE446CB340CE35A806CB90
              Function 04A76CE8 Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
              • Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
              • Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
              • Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91
              Function 04A79AFF Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b03cdb7ee720415224802347e4246b837a6a319546dd6f416e3dd648bc3fe1aa
              • Instruction ID: 9a28460a0c6d5e42f44bff5ca13f9d8e1382dfebe5f1ac13a1148cedc9bc1b6b
              • Opcode Fuzzy Hash: b03cdb7ee720415224802347e4246b837a6a319546dd6f416e3dd648bc3fe1aa
              • Instruction Fuzzy Hash: 19F0B4723002028BDB119B68E8D884A7FA9EFD53207100679F51A873A1CE61DD4787C0
              Function 04A7E8E8 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 12aa28f52c88decf67ffe1c5cbecb4bb65d7ff7c91b9c7d47c0eadbf3d96fde0
              • Instruction ID: 133dcf5051e45d67e9f0f4e72eb846d102c1a39c2cce5fd3318ddfbb08d5c739
              • Opcode Fuzzy Hash: 12aa28f52c88decf67ffe1c5cbecb4bb65d7ff7c91b9c7d47c0eadbf3d96fde0
              • Instruction Fuzzy Hash: 22F027322041846FCB128B69A811EEE7FF6DFC9310B08485AF989C3153DA75A826DB61
              Function 04A78360 Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0819bbb2def4faf151d72df21fc4735bd4773e28e392b2a4163d3c2417dac5ae
              • Instruction ID: 366207cbbce741d7705f423406d43d93614d4c3a01b1b833583219abab131eb6
              • Opcode Fuzzy Hash: 0819bbb2def4faf151d72df21fc4735bd4773e28e392b2a4163d3c2417dac5ae
              • Instruction Fuzzy Hash: 9FE0D8B13097411BC313922EAC5884FFF96DFC6610329896BF545CF266DF64598783E4
              Function 04A7F57D Relevance: .0, Instructions: 26COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b4f3c62d73b638f88790512e30a1923274ce55f566cde24aa6c7c1103551d77a
              • Instruction ID: 916753b05fdc4c3a1b67f24b7f8f9801bcd68584b0d1819e1cd468a98a8060cb
              • Opcode Fuzzy Hash: b4f3c62d73b638f88790512e30a1923274ce55f566cde24aa6c7c1103551d77a
              • Instruction Fuzzy Hash: 14F01270F0020ADFEB289FB5D8543AD7AB2AF48705F104479D005E6290DF7859418FAA
              Function 04A7E8F8 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 917eb88902f7f4c98c5574cc867d7ca0b2ab87d19ea5c7b9015f8d96136163d3
              • Instruction ID: d72bb7dc06b8ed96e960a7ab3629d9ff95f6cb32db97a90779d30e75c652618b
              • Opcode Fuzzy Hash: 917eb88902f7f4c98c5574cc867d7ca0b2ab87d19ea5c7b9015f8d96136163d3
              • Instruction Fuzzy Hash: 9EE092322005496BCB159B5AE800E9E7BEADFCC320B048416F949C7152CAB5A92197A0
              Function 04A778D3 Relevance: .0, Instructions: 24COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d633563a1e517e83afc7f8eac04318bbab96ffb8c9fc90bf79cdaace2af7ca67
              • Instruction ID: 83ea4f85267b8d83c86947bb3f6cf7b5c9587a68e034e2b607965a1f01b746a6
              • Opcode Fuzzy Hash: d633563a1e517e83afc7f8eac04318bbab96ffb8c9fc90bf79cdaace2af7ca67
              • Instruction Fuzzy Hash: 2EE0867431A6004FC369DB2CE8808A97BE69F4930132946EFF049C7772D660EC468740
              Function 04A74958 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 30836e08e8038aa75fcc2fc4180dc5a8866ae70b4e3437369d1907231bf464a4
              • Instruction ID: b56a7fb76fae443ba7955bb89e261f1d412710391d3c2e56aefdfc2060589197
              • Opcode Fuzzy Hash: 30836e08e8038aa75fcc2fc4180dc5a8866ae70b4e3437369d1907231bf464a4
              • Instruction Fuzzy Hash: FCF0E574909249EFC701EFA4E95149DBFF1EB06200B1081A9E844A7265C7391F15D755
              Function 04A71374 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a59f92fe595d74515571d0b46bf0c61945c448d274692f3c10bf0f44cef2de7
              • Instruction ID: 8ffd22806e2df3e53cac87cfbc28695fef30b54232b3ca82851eba12879bdf1f
              • Opcode Fuzzy Hash: 3a59f92fe595d74515571d0b46bf0c61945c448d274692f3c10bf0f44cef2de7
              • Instruction Fuzzy Hash: 9DF0C93AA01108CFCB24EFA8D6845DCB7F1EB88316F2000B9D506B7350DB326E40CB60
              Function 04A778E0 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6474c537dd0b3d069e04e0babb17288d01a38d25c9e3bd82f054f5dc3162d737
              • Instruction ID: b5408f70f573b09d9b793046b6a5fd8db8b1bc7f078fb28fe48ce969a5397c4b
              • Opcode Fuzzy Hash: 6474c537dd0b3d069e04e0babb17288d01a38d25c9e3bd82f054f5dc3162d737
              • Instruction Fuzzy Hash: C3D05E303147149FC768DB5CE840C6AB3EAEF893103248AAAF409C7771DA60FC058784
              Function 04A74968 Relevance: .0, Instructions: 19COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa92b399a4aa0fac0d47b0cf572b337c2ba625e533c77eb6718b6be2a3e18592
              • Instruction ID: d71d83a4530c59427be5195910dc3a8cd2cec3248615de7b8cc0cc50da8ce8cd
              • Opcode Fuzzy Hash: aa92b399a4aa0fac0d47b0cf572b337c2ba625e533c77eb6718b6be2a3e18592
              • Instruction Fuzzy Hash: 59E08674A01209EFCB00EFE4E54545DBBF5EB49300B208579EC08A7364DB362F00AB51
              Function 04A7F458 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aba4810bcf232efb186563390a16ea3ca169eabebb032335e836a31b5a30b816
              • Instruction ID: 5d3ced5f97f9d81cc473e24e82f89d70cf0932f46a7e1c5a7993c058995abb82
              • Opcode Fuzzy Hash: aba4810bcf232efb186563390a16ea3ca169eabebb032335e836a31b5a30b816
              • Instruction Fuzzy Hash: 4BD0A77A1175828FCF43DF25EAC20943F71DE4360036844D4E0408F11BDA2CA59FCB10

              Non-executed Functions

              Function 06B02BE0 Relevance: 1.6, Strings: 1, Instructions: 312COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: O,
              • API String ID: 0-1074913414
              • Opcode ID: 8a5199accb2efa8837d8c7794b1d735989357b889dfbeb80c54d2954d0eb6b2a
              • Instruction ID: 8f80b88c8289b049ed5ea75c5b7c34f2cf16322cf2b99bac9faca6ec7ff49ec0
              • Opcode Fuzzy Hash: 8a5199accb2efa8837d8c7794b1d735989357b889dfbeb80c54d2954d0eb6b2a
              • Instruction Fuzzy Hash: B3E1E7B4E102198FDB54DFA8C5849AEBFF2FF89304F2481A9D414AB355D730AA46CF61
              Function 06B00C98 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d39f589d5703bbf6095131cf7dee09efc2a68ee15b91f8a8fc9209784fad589c
              • Instruction ID: 49b468b700c0b01d297789e4b339fd15fa11baccad778f89405c0a69e91fa3bc
              • Opcode Fuzzy Hash: d39f589d5703bbf6095131cf7dee09efc2a68ee15b91f8a8fc9209784fad589c
              • Instruction Fuzzy Hash: 15E1E7B4E142198FDB14DFA8C580AAEBFF2FF89304F248169D454AB355D731A942CFA1
              Function 06B010D0 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 108c4ee91b2054477193b194dc1fc8a103296d628d3754feae404a5a571faefa
              • Instruction ID: 78c8f6cafd6d8d7259937bc80269b90246623c61f0c941f3a6bef7ed5692be77
              • Opcode Fuzzy Hash: 108c4ee91b2054477193b194dc1fc8a103296d628d3754feae404a5a571faefa
              • Instruction Fuzzy Hash: 65E1E6B4E102198FDB54DFA9C5809AEBFF2FF89304F2481A9D415AB355D730A942CFA1
              Function 06B01508 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bb02491b1304880b8f6365121852c203223370f9a79571e9d3a3e9895efc8d76
              • Instruction ID: 93187588b583b8645efafd2c709d7f1550d1a81c7e66947e80917ddf50f8e1c5
              • Opcode Fuzzy Hash: bb02491b1304880b8f6365121852c203223370f9a79571e9d3a3e9895efc8d76
              • Instruction Fuzzy Hash: 20E1E6B4E102198FDB54DFA9C5809AEBFF2FF89304F2481A9D454AB355D730A942CFA1
              Function 06B01940 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7126c5e269ac3e08a7cb5abdbcd51b660c6c3f4a02d61864d40dd3147bd99b05
              • Instruction ID: ab11c6e4c61bf3ff63b4911e8226bd6b8bac33e2a183570abd13667a2083cafe
              • Opcode Fuzzy Hash: 7126c5e269ac3e08a7cb5abdbcd51b660c6c3f4a02d61864d40dd3147bd99b05
              • Instruction Fuzzy Hash: F1E1E4B4E102198FDB14DFA9C5809AEBFF2FF89304F2481A9D414AB355D730A942CFA1
              Function 06A184D8 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 16b1677af17e0027aa91bd32eebfd49fe3f0a93596758ce7e001a1071bac8bdb
              • Instruction ID: d0fffeb661f4ef3c06b5a44de8b563e4451d949216eeb26a7e0e86b26f919bfc
              • Opcode Fuzzy Hash: 16b1677af17e0027aa91bd32eebfd49fe3f0a93596758ce7e001a1071bac8bdb
              • Instruction Fuzzy Hash: 7BE10874E102198FCB54EFA9C5809AEFBF2FF89304F24816AD414AB355D734A942CFA1
              Function 06A18018 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5d1f0c07f77dec0562f3795cd7392f07e3bb7dce9bc1596ee031ccb3603e6aef
              • Instruction ID: 6346954ee641940ff6841a4cdbceea0e72e4336ea4529b30e27d7cdf79cd14cb
              • Opcode Fuzzy Hash: 5d1f0c07f77dec0562f3795cd7392f07e3bb7dce9bc1596ee031ccb3603e6aef
              • Instruction Fuzzy Hash: 79E11874E102198FCB54EFA9C5809AEFBF2FF89304F248169D854AB355D734A942CFA1
              Function 06A18D88 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 03687075adbcab60e8ffd54a664366e637a90980646cf5efd63335c8b17316cc
              • Instruction ID: 7146012f0c24f104fe4a44315f92d17b8ef8614ef60a27d6dd2d894ce8859ee2
              • Opcode Fuzzy Hash: 03687075adbcab60e8ffd54a664366e637a90980646cf5efd63335c8b17316cc
              • Instruction Fuzzy Hash: 1BE10674E001198FDB54EFA9C5909AEFBF2FF89304F248169D418AB355D734A942CFA1
              Function 06A17BE0 Relevance: .3, Instructions: 312COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c09c72e12ddddb4237ac256b63dac78e9384fb16ebfc5f7661fc876e2e04cc6b
              • Instruction ID: 664304b40c1491347c018bb451e778fde62d124359cc973b4563ddb0c19a3d90
              • Opcode Fuzzy Hash: c09c72e12ddddb4237ac256b63dac78e9384fb16ebfc5f7661fc876e2e04cc6b
              • Instruction Fuzzy Hash: 34E1F674E002198FDB14EFA9C5809AEFBF2FF89304F649169D415AB355D730A942CFA1
              Function 0236D3C4 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2152295319.0000000002360000.00000040.00000800.00020000.00000000.sdmp, Offset: 02360000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2360000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a6d633ed451aa669e72d67a230deeb746b6489bedf2fb248ed1a2d8bd16c1e6
              • Instruction ID: ebf7558f710f63b0b5492c1256ac7de22fcfd966279d7662c4051b362a91c191
              • Opcode Fuzzy Hash: 3a6d633ed451aa669e72d67a230deeb746b6489bedf2fb248ed1a2d8bd16c1e6
              • Instruction Fuzzy Hash: 58A19036E00205CFCF15DFB4D8485AEB7BAFF85304B15856AE906AB269DB31D916CF40
              Function 06A1AA10 Relevance: .2, Instructions: 169COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b52559d851bff2302d073eb6b9d0c64b101b98f6fa9a77d895ad7f514a22c68d
              • Instruction ID: bd969bfe2d89cb3dfa158d1cca8d40ff8a4435fa90f930a3ee2d5926b24fd225
              • Opcode Fuzzy Hash: b52559d851bff2302d073eb6b9d0c64b101b98f6fa9a77d895ad7f514a22c68d
              • Instruction Fuzzy Hash: E1718F74E016188FDB44DFAAC98499EFBF2BF88310F18C166E459AB215D734A942CF50
              Function 06B01931 Relevance: .1, Instructions: 140COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8d5f2c370b142fff1db5a8978d368e759d08661d1c89f839fd5ac59c2df95772
              • Instruction ID: 6c66d7fbcb1fcace1759a5257dfee7efdcdc3489e7041125df38d848e96807dd
              • Opcode Fuzzy Hash: 8d5f2c370b142fff1db5a8978d368e759d08661d1c89f839fd5ac59c2df95772
              • Instruction Fuzzy Hash: D751ECB4E102198FDB14DFA9D9405AEBFF2EF89304F24C1A9D418A7356D7309A46CFA1
              Function 06A1A788 Relevance: .1, Instructions: 140COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d59cc7c5cfc4b4fa71ba8ecfc96758ff8a47028f430cbfe6fe74e1f7b9f8ef12
              • Instruction ID: e4b0bcf26deae58cdb4e626cd8140a219bab7760d517a9abc03910882edea9b3
              • Opcode Fuzzy Hash: d59cc7c5cfc4b4fa71ba8ecfc96758ff8a47028f430cbfe6fe74e1f7b9f8ef12
              • Instruction Fuzzy Hash: A2517275D016199FDB04DFE6C9446EEFBB2FF89311F10802AE919AB254D7345A46CF40
              Function 06A1A778 Relevance: .1, Instructions: 136COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6cf739856cd70f6f665a8420ba1b585a5a9e10790ef5620963804446955c24bd
              • Instruction ID: f6d2fcf5c95bb31f8b11467466393321fa93c8f77798e7e419f7e9efe142ad9e
              • Opcode Fuzzy Hash: 6cf739856cd70f6f665a8420ba1b585a5a9e10790ef5620963804446955c24bd
              • Instruction Fuzzy Hash: 8751D8B5E016199FDB04DFAAD8446DEFBF2BF88310F14C02AE519AB254D7349A46CF50
              Function 06B014F8 Relevance: .1, Instructions: 133COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173474616.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6b00000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6709ee08fe01036b42eee2c5091e613cc6798a23b517354265c2aad526327ecd
              • Instruction ID: 07198f760599c223c8f09ca21a0b037146efafa83f77ed6ff8e64660f27bdd25
              • Opcode Fuzzy Hash: 6709ee08fe01036b42eee2c5091e613cc6798a23b517354265c2aad526327ecd
              • Instruction Fuzzy Hash: C051FBB4E112198BDB14DFA9C9805AEBFF2FF89304F24C1A9D418AB355D7319941CFA1
              Function 06A1A9FF Relevance: .1, Instructions: 131COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000000.00000002.2173322732.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_6a10000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 57c0b7140a84a4301de00bf97cec55ea20cd6163c80f6e109ab63d72b57e72ae
              • Instruction ID: 0ea572559e2825f10abfc93b439710027a64036befb1f37aa199dc2b9bba0163
              • Opcode Fuzzy Hash: 57c0b7140a84a4301de00bf97cec55ea20cd6163c80f6e109ab63d72b57e72ae
              • Instruction Fuzzy Hash: 2B51A075E016188FDB48DFAAC98459EFBF2BF88310F18C16AD819AB315DB349946CF50
              Function 04A70318 Relevance: 41.7, Strings: 33, Instructions: 439COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: 4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q
              • API String ID: 0-2711123852
              • Opcode ID: 04e127641cdd79b2e7c23dc420bdffd69f02605ab9c6f566b382b607188aa62f
              • Instruction ID: 3592e04d84a05dd2412eb9f7bc5c3352c17d0b3ecbc6e4dcb785cbb102305848
              • Opcode Fuzzy Hash: 04e127641cdd79b2e7c23dc420bdffd69f02605ab9c6f566b382b607188aa62f
              • Instruction Fuzzy Hash: 3C123DB0E0130A8FCB18EF74E99569D7BFAFB80700F204969E049AF265DF3469558F91
              Function 04A70328 Relevance: 41.7, Strings: 33, Instructions: 434COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2170333704.0000000004A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A70000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_4a70000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: 4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q
              • API String ID: 0-2711123852
              • Opcode ID: 88816a3065a84ebfb2eff860b2e81926da49249fc450b749d0f98bab194af13a
              • Instruction ID: 03c63e0c6bb5e122c16580eb8c4f22110ea2136997a719ed9e72baa7376f05d9
              • Opcode Fuzzy Hash: 88816a3065a84ebfb2eff860b2e81926da49249fc450b749d0f98bab194af13a
              • Instruction Fuzzy Hash: C2123CB0E0130A8FCB18EF74E99569D7BFAFB80700F204969E049AF265DF3469558F91

              Execution Graph

              Execution Coverage:0.6%
              Dynamic/Decrypted Code Coverage:6.5%
              Signature Coverage:1.6%
              Total number of Nodes:62
              Total number of Limit Nodes:5
              execution_graph 94552 42fce3 94553 42fc53 94552->94553 94555 42fcb0 94553->94555 94558 42ead3 94553->94558 94556 42fc8d 94561 42e9f3 94556->94561 94564 42cc53 94558->94564 94560 42eaee 94560->94556 94567 42cca3 94561->94567 94563 42ea0c 94563->94555 94565 42cc70 94564->94565 94566 42cc81 RtlAllocateHeap 94565->94566 94566->94560 94568 42ccc0 94567->94568 94569 42ccd1 RtlFreeHeap 94568->94569 94569->94563 94570 42bf03 94571 42bf20 94570->94571 94574 11e2df0 LdrInitializeThunk 94571->94574 94572 42bf48 94574->94572 94582 425033 94583 42504c 94582->94583 94584 425097 94583->94584 94587 4250d7 94583->94587 94589 4250dc 94583->94589 94585 42e9f3 RtlFreeHeap 94584->94585 94586 4250a7 94585->94586 94588 42e9f3 RtlFreeHeap 94587->94588 94588->94589 94590 42fbb3 94591 42fbc3 94590->94591 94592 42fbc9 94590->94592 94593 42ead3 RtlAllocateHeap 94592->94593 94594 42fbef 94593->94594 94575 411ca3 94576 411cb8 94575->94576 94579 42c923 94576->94579 94578 411cd1 94580 42c93d 94579->94580 94581 42c94e NtClose 94580->94581 94581->94578 94595 401ad8 94596 401ae0 94595->94596 94599 430083 94596->94599 94602 42e5b3 94599->94602 94601 401b8e 94603 42e5d9 94602->94603 94608 407593 94603->94608 94605 42e5ef 94607 42e60e 94605->94607 94611 41b383 NtClose 94605->94611 94607->94601 94610 4075a0 94608->94610 94612 4166f3 94608->94612 94610->94605 94611->94607 94613 416710 94612->94613 94615 416729 94613->94615 94616 42d383 94613->94616 94615->94610 94618 42d39d 94616->94618 94617 42d3cc 94617->94615 94618->94617 94623 42bf53 94618->94623 94621 42e9f3 RtlFreeHeap 94622 42d445 94621->94622 94622->94615 94624 42bf6d 94623->94624 94627 11e2c0a 94624->94627 94625 42bf99 94625->94621 94628 11e2c1f LdrInitializeThunk 94627->94628 94629 11e2c11 94627->94629 94628->94625 94629->94625

              Executed Functions

              Function 0042C923 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 28 42c923-42c95c call 4048c3 call 42db73 NtClose
              APIs
              • NtClose.NTDLL(00424D04,?,00000000,?,?,00424D04,?,0000A9D9), ref: 0042C957
              Memory Dump Source
              • Source File: 00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_SecuriteInfo.jbxd
              Yara matches
              Similarity
              • API ID: Close
              • String ID:
              • API String ID: 3535843008-0
              • Opcode ID: 6b3b3c426d2163172bf3aa156b19c735216ea530695cccb968454dd5543b0e58
              • Instruction ID: eb0b2d780336f930fed0978dcc95a9ae672d0310119330f723e2138eb72c8308
              • Opcode Fuzzy Hash: 6b3b3c426d2163172bf3aa156b19c735216ea530695cccb968454dd5543b0e58
              • Instruction Fuzzy Hash: 8CE086762442547BD610FA5AEC01FD7B75CDFC5714F00841AFB1867281C670790187F4
              Function 011E2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 37 11e2df0-11e2dfc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: aaaa47c61fe033c8ae60ddee7bc14cb19a7089b35fa0563c11ae5a66e21b4468
              • Instruction ID: 8bbe7ace7dc8c73456ee74beecaee5e41bb012b8589db98bc21e234580caf02c
              • Opcode Fuzzy Hash: aaaa47c61fe033c8ae60ddee7bc14cb19a7089b35fa0563c11ae5a66e21b4468
              • Instruction Fuzzy Hash: 5590023120180413D515715846047070009D7D1241F95C416A1425558DD766CA66A221
              Function 0042CC53 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 18 42cc53-42cc97 call 4048c3 call 42db73 RtlAllocateHeap
              APIs
              • RtlAllocateHeap.NTDLL(00000104,?,00424D0F,?,?,00424D0F,?,00000104,?,0000A9D9), ref: 0042CC92
              Memory Dump Source
              • Source File: 00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_SecuriteInfo.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: bb5c96e3ea438c1fafeff01b23d45c62e3cc3c0529c70b6fc417dd3fb41a58ed
              • Instruction ID: aa9b478c3da0df445d5dcc445698a16d9d1f36480510528e8c0c2af08e0909bf
              • Opcode Fuzzy Hash: bb5c96e3ea438c1fafeff01b23d45c62e3cc3c0529c70b6fc417dd3fb41a58ed
              • Instruction Fuzzy Hash: 22E06DB62012087BD610EE59EC41F9B37ACDFC4714F008519F908A7241C670B91186B8
              Function 0042CCA3 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 23 42cca3-42cce7 call 4048c3 call 42db73 RtlFreeHeap
              APIs
              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BF44D89,00000007,00000000,00000004,00000000,004172B7,000000F4), ref: 0042CCE2
              Memory Dump Source
              • Source File: 00000004.00000002.2323640935.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_400000_SecuriteInfo.jbxd
              Yara matches
              Similarity
              • API ID: FreeHeap
              • String ID:
              • API String ID: 3298025750-0
              • Opcode ID: 9eacc333c94ce17935b362aed0592d509582fb615880c6b4ab5fa556899083e8
              • Instruction ID: fc3be202ab7a517368a152a3b01141b25cd9884c49f369d9f31264280699155c
              • Opcode Fuzzy Hash: 9eacc333c94ce17935b362aed0592d509582fb615880c6b4ab5fa556899083e8
              • Instruction Fuzzy Hash: D1E092B67102087FD610EE59DC41FEB37ACEFC5714F004419FA08A7241C670B91187B9
              Function 011E2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 33 11e2c0a-11e2c0f 34 11e2c1f-11e2c26 LdrInitializeThunk 33->34 35 11e2c11-11e2c18 33->35
              APIs
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 04c5527ef9d84566b5da584b905ad2c050401515cbb3470eca2c005908fae471
              • Instruction ID: f0d4fc4b3ee57a9efec2b01af106d48a2aff7c8fa0353080499e2426daf40731
              • Opcode Fuzzy Hash: 04c5527ef9d84566b5da584b905ad2c050401515cbb3470eca2c005908fae471
              • Instruction Fuzzy Hash: 2AB09B71901DC5C5DE15E7A4470C7177954B7D1701F25C065D3030741F4738C1E5E275

              Non-executed Functions

              Function 01222349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
              • API String ID: 0-2160512332
              • Opcode ID: 6388aa282fdbdce4127f7a9e6657ec276e04d7229ce92d60b33a423cd4102e76
              • Instruction ID: 12d41cf3874bd4f89cc912e5e5744d5300e031d152a7eb3274b826d6a2290c32
              • Opcode Fuzzy Hash: 6388aa282fdbdce4127f7a9e6657ec276e04d7229ce92d60b33a423cd4102e76
              • Instruction Fuzzy Hash: AA92AC71628352EFE725DE28C880B6FB7E8BB88714F04492DFA94D7250D775E844CB92
              Function 011D8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
              Download Yara Rule
              Strings
              • corrupted critical section, xrefs: 012154C2
              • 8, xrefs: 012152E3
              • Critical section debug info address, xrefs: 0121541F, 0121552E
              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0121540A, 01215496, 01215519
              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012154CE
              • Address of the debug info found in the active list., xrefs: 012154AE, 012154FA
              • double initialized or corrupted critical section, xrefs: 01215508
              • undeleted critical section in freed memory, xrefs: 0121542B
              • Critical section address., xrefs: 01215502
              • Thread identifier, xrefs: 0121553A
              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 012154E2
              • Critical section address, xrefs: 01215425, 012154BC, 01215534
              • Thread is in a state in which it cannot own a critical section, xrefs: 01215543
              • Invalid debug info address of this critical section, xrefs: 012154B6
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
              • API String ID: 0-2368682639
              • Opcode ID: 7057cf4330a7e9fbc0b2fcd350d642db36e306ff2bb03182a4aa4ece32d23846
              • Instruction ID: d10d02d5224c30e11b1cf5df6faad30615afe07c6ff5890b4c226734faac7af9
              • Opcode Fuzzy Hash: 7057cf4330a7e9fbc0b2fcd350d642db36e306ff2bb03182a4aa4ece32d23846
              • Instruction Fuzzy Hash: 4B81BEB1A50349AFDB24CF99C845BAEBBF5FB49714F108159FA04B7280D3B5A941CB60
              Function 011D29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
              Download Yara Rule
              Strings
              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01212412
              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 012122E4
              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01212506
              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01212602
              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 012124C0
              • @, xrefs: 0121259B
              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01212498
              • RtlpResolveAssemblyStorageMapEntry, xrefs: 0121261F
              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 012125EB
              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01212624
              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01212409
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
              • API String ID: 0-4009184096
              • Opcode ID: 3a34432e8be83f38ad7eabe16b21794158733e7bae0c5d31881d1423266a02f1
              • Instruction ID: 4cf605444c92a2335d3570b62ce8ab6c9e235fdf88bfaedd3b429bdee00340e7
              • Opcode Fuzzy Hash: 3a34432e8be83f38ad7eabe16b21794158733e7bae0c5d31881d1423266a02f1
              • Instruction Fuzzy Hash: 8D027FB1D002299FDB35DB54CC80BEAB7B8AB55704F1141EAE709A7241EB70AF84CF59
              Function 01248B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
              • API String ID: 0-2515994595
              • Opcode ID: 603fb19348c1858a666f9b44bc79bc36f91db9224b92dda58b932c78376182dc
              • Instruction ID: dfc54a648b929e7d65cb670a86876515c66cede75d2b119cf9552961a6633de1
              • Opcode Fuzzy Hash: 603fb19348c1858a666f9b44bc79bc36f91db9224b92dda58b932c78376182dc
              • Instruction Fuzzy Hash: DF51D1715353029BD32EDFA8D848BABBBE8FF98254F14491DEA95C3280E770D604C792
              Function 01250274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
              • API String ID: 0-1700792311
              • Opcode ID: 968a30d341a5175a234d2228983e15e466852dd14e14541118c39f19e5f19306
              • Instruction ID: b0c5ec9f9c12b442d04a03ac8002acc99ed4f91828a5e9df5ed10da81b56af5f
              • Opcode Fuzzy Hash: 968a30d341a5175a234d2228983e15e466852dd14e14541118c39f19e5f19306
              • Instruction Fuzzy Hash: DDD11F31520286DFDB6ADF68D881AAEBFF1FF49704F088059F9559B252C734D981CB18
              Function 012289B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
              Download Yara Rule
              Strings
              • VerifierDebug, xrefs: 01228CA5
              • VerifierFlags, xrefs: 01228C50
              • VerifierDlls, xrefs: 01228CBD
              • HandleTraces, xrefs: 01228C8F
              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01228A67
              • AVRF: -*- final list of providers -*- , xrefs: 01228B8F
              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01228A3D
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
              • API String ID: 0-3223716464
              • Opcode ID: 3af404f86c1f80c72f9f432c5e21ae9b117f90dc15bf97d8fb5850d86f908991
              • Instruction ID: 996ae53931a105cab5272021eaf83b8975cc89fcee383ed115be9ccc3aed6f60
              • Opcode Fuzzy Hash: 3af404f86c1f80c72f9f432c5e21ae9b117f90dc15bf97d8fb5850d86f908991
              • Instruction Fuzzy Hash: 39913472A65322BFEB26EF2CD881B2E77E4AB54B14F05445DFA40AB240D770DC04CB95
              Function 011AEA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
              • API String ID: 0-1109411897
              • Opcode ID: f0ae96d036c917e5f33b8361b4733faab4c8622b396e54f9d447cbe38dab44ef
              • Instruction ID: bfd4bbf0a57c1f59c37ccec9da7cebffe3c8f70f9967994f7f3386ce1270705f
              • Opcode Fuzzy Hash: f0ae96d036c917e5f33b8361b4733faab4c8622b396e54f9d447cbe38dab44ef
              • Instruction Fuzzy Hash: 86A28D74A1566A8FDB69DF18CC887ADBBB1EF45304F5182E9D60DA7291DB309E81CF00
              Function 011D63FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
              • API String ID: 0-792281065
              • Opcode ID: 943d63ad029cf312498535f2f656b022f486d56a818c8e20a732d2f389d84af9
              • Instruction ID: 30f071d5f1f148ccd89bbd7bed5d7b3e572333864bf1c879839b96b1010af99f
              • Opcode Fuzzy Hash: 943d63ad029cf312498535f2f656b022f486d56a818c8e20a732d2f389d84af9
              • Instruction Fuzzy Hash: 6B913A70B107569BEB3EEF5CE848BEE3BE1BB61B24F100129D6046B289D7745841CBD1
              Function 0119645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
              Download Yara Rule
              Strings
              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 011F9A01
              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 011F9A2A
              • minkernel\ntdll\ldrinit.c, xrefs: 011F9A11, 011F9A3A
              • LdrpInitShimEngine, xrefs: 011F99F4, 011F9A07, 011F9A30
              • apphelp.dll, xrefs: 01196496
              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 011F99ED
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
              • API String ID: 0-204845295
              • Opcode ID: c4a3a1c0c1d153109c5a5f88e1fc72ec88f07385fa234280c09657473f178307
              • Instruction ID: c923c91787860cdba6ee5da4bc0a796fa1aca3d9bf8db214579a036b10de3746
              • Opcode Fuzzy Hash: c4a3a1c0c1d153109c5a5f88e1fc72ec88f07385fa234280c09657473f178307
              • Instruction Fuzzy Hash: C751A2712083059FEB2DEF28D885BAB77E4FF84648F01491DF69597264E730E944CBA2
              Function 011D2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
              Download Yara Rule
              Strings
              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01212180
              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01212178
              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0121219F
              • SXS: %s() passed the empty activation context, xrefs: 01212165
              • RtlGetAssemblyStorageRoot, xrefs: 01212160, 0121219A, 012121BA
              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 012121BF
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
              • API String ID: 0-861424205
              • Opcode ID: 403c5f0587b5c112b6f19861a9ffc65f4a11d85baed7dc0f7152cf3832eff12a
              • Instruction ID: cbf010f4c766ee6ea11370686b2f5fd88fd35fa4af5087039ae22fd483ba3ff0
              • Opcode Fuzzy Hash: 403c5f0587b5c112b6f19861a9ffc65f4a11d85baed7dc0f7152cf3832eff12a
              • Instruction Fuzzy Hash: 47315736F50225B7E739DA998C81F6B7AB8DF72A40F264058FB1077145D3709A00C6A1
              Function 011DC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
              Download Yara Rule
              Strings
              • minkernel\ntdll\ldrredirect.c, xrefs: 01218181, 012181F5
              • minkernel\ntdll\ldrinit.c, xrefs: 011DC6C3
              • LdrpInitializeProcess, xrefs: 011DC6C4
              • LdrpInitializeImportRedirection, xrefs: 01218177, 012181EB
              • Unable to build import redirection Table, Status = 0x%x, xrefs: 012181E5
              • Loading import redirection DLL: '%wZ', xrefs: 01218170
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
              • API String ID: 0-475462383
              • Opcode ID: f2fee530c52eb892aa2515df567c788f62a2b099b628be0259408d87e04027f0
              • Instruction ID: b5c4109a5c36924f163b4d6fbbf1d30c6d5d089681aed889e86d57ad12ce64ae
              • Opcode Fuzzy Hash: f2fee530c52eb892aa2515df567c788f62a2b099b628be0259408d87e04027f0
              • Instruction Fuzzy Hash: 44310471754346AFD228EB2CD889E2A77D4EFA4F14F05095CF9456B391E720ED04C7A2
              Function 011E096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
              Download Yara Rule
              APIs
                • Part of subcall function 011E2DF0: LdrInitializeThunk.NTDLL ref: 011E2DFA
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011E0BA3
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011E0BB6
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011E0D60
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011E0D74
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
              • String ID:
              • API String ID: 1404860816-0
              • Opcode ID: 465dde23eb81e2bef9d1fad934dfbf98b9b88ff8798b80aed4d348a9a48b0fdf
              • Instruction ID: 667879fcb941ccc7816ce8e2bd58d33e18631d6c43bb1eecc7fb946b169f423c
              • Opcode Fuzzy Hash: 465dde23eb81e2bef9d1fad934dfbf98b9b88ff8798b80aed4d348a9a48b0fdf
              • Instruction Fuzzy Hash: A8429D71A00716DFDB25CF68C894BAAB7F5FF08304F0445A9E989DB245E770AA84CF61
              Function 011AA3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
              • API String ID: 0-379654539
              • Opcode ID: fe401db8e55f9945acdb54f39b311e1c9d93891af200d34c16bd442202f07e27
              • Instruction ID: 19accd501ae6cea20abe2b7de441f9454a39aeb20f8f4de52102b9cc02d7cd83
              • Opcode Fuzzy Hash: fe401db8e55f9945acdb54f39b311e1c9d93891af200d34c16bd442202f07e27
              • Instruction Fuzzy Hash: B8C1CF78108382CFD72ACF58D044B6ABBE4FF84704F45896AFA958B291E334C949CB57
              Function 011D8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
              Download Yara Rule
              Strings
              • @, xrefs: 011D8591
              • minkernel\ntdll\ldrinit.c, xrefs: 011D8421
              • LdrpInitializeProcess, xrefs: 011D8422
              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 011D855E
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
              • API String ID: 0-1918872054
              • Opcode ID: d3ba5e1e0ec6b030035cb076ed5a4dd52969a76ba9d4a305cce57414dce7c8e0
              • Instruction ID: a96891278f3e63e7442a222cfdfce5fe860605dcd858a0825e8a756ea52d1976
              • Opcode Fuzzy Hash: d3ba5e1e0ec6b030035cb076ed5a4dd52969a76ba9d4a305cce57414dce7c8e0
              • Instruction Fuzzy Hash: B4919B71558345AFDB2ADF65CC90FABBAECBF94648F40092EFA8492151E370D904CB62
              Function 011D273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
              Download Yara Rule
              Strings
              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 012122B6
              • SXS: %s() passed the empty activation context, xrefs: 012121DE
              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 012121D9, 012122B1
              • .Local, xrefs: 011D28D8
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
              • API String ID: 0-1239276146
              • Opcode ID: b487464a8c444b1b047b35f7a05f5a4381b039eb49607973af5938cb4739fefe
              • Instruction ID: 707f081823d7fb1effc3d69f3d9e3f7e4cdf075e21581dfdbba24d7da89f1018
              • Opcode Fuzzy Hash: b487464a8c444b1b047b35f7a05f5a4381b039eb49607973af5938cb4739fefe
              • Instruction Fuzzy Hash: 7AA1C33190122ADBDB2DCF58CC84BA9B7B1BF68314F2541E9E918A7255E7309E81CF91
              Function 011A64AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
              Download Yara Rule
              Strings
              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01201028
              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0120106B
              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01200FE5
              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 012010AE
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
              • API String ID: 0-1468400865
              • Opcode ID: 7610221e5526c3d7dd7b4b15c4f2bb53f0bd297c387d24d1f3e1ff5736c4d51a
              • Instruction ID: b9b695124049d456acefd955d7c87411fb31c67366396081abb476242b04dae5
              • Opcode Fuzzy Hash: 7610221e5526c3d7dd7b4b15c4f2bb53f0bd297c387d24d1f3e1ff5736c4d51a
              • Instruction Fuzzy Hash: 327112B1904305AFCB25DF14C884B9B7FA9AF557A4F840568F9888B187D734D588CBD2
              Function 011C245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
              Download Yara Rule
              Strings
              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0120A992
              • minkernel\ntdll\ldrinit.c, xrefs: 0120A9A2
              • apphelp.dll, xrefs: 011C2462
              • LdrpDynamicShimModule, xrefs: 0120A998
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
              • API String ID: 0-176724104
              • Opcode ID: 6185a47da23869ac665c0a4692b12cc9884654cd4758f0707bc305a6592bca65
              • Instruction ID: e3415e36bab6b009e46896a0aa546e7f812d3e5f1a213a1dcd1cb3c29d2f8e3d
              • Opcode Fuzzy Hash: 6185a47da23869ac665c0a4692b12cc9884654cd4758f0707bc305a6592bca65
              • Instruction Fuzzy Hash: FD314E75710302EBDB3ADF6DA949AB977B4FB80B14F55011DE9006B286C7B05881C780
              Function 011B29A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
              Download Yara Rule
              Strings
              • HEAP: , xrefs: 011B3264
              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 011B327D
              • HEAP[%wZ]: , xrefs: 011B3255
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
              • API String ID: 0-617086771
              • Opcode ID: dd2014744e85c2f3eaba73328242f4fa7ac0b6d6377f0647e28a9e56c9a988dc
              • Instruction ID: 1ecf5458cfdb7fb235b57fc1b2cd0621d7110a4add403c1ac1660862f668d36e
              • Opcode Fuzzy Hash: dd2014744e85c2f3eaba73328242f4fa7ac0b6d6377f0647e28a9e56c9a988dc
              • Instruction Fuzzy Hash: CA92CC70A046499FDB29CF69C484BEEBBF1FF08304F188099E869AB391D735A945CF50
              Function 011B0770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-4253913091
              • Opcode ID: 33b27b0afc29caa3e6bf9136dbf4da6bec8155159fab0d31136c41c5f6b26d22
              • Instruction ID: 5eff1018dcf8486dce8d6674e8fbb213c36d6d725b34988d35e19122ca9cc099
              • Opcode Fuzzy Hash: 33b27b0afc29caa3e6bf9136dbf4da6bec8155159fab0d31136c41c5f6b26d22
              • Instruction Fuzzy Hash: 5DF1A070A10606DFEB2ACF68C8D4BAAB7B5FF48304F144268E5569B392D734E981CF51
              Function 011C6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: $@
              • API String ID: 0-1077428164
              • Opcode ID: f06e79f351949ad47e8ed9a6911afc60d946af88c48bd60cd3552a5dc5854fd4
              • Instruction ID: 70b9f8e5db411c37e67c2be81b958793b843110ddd0f1f95db7f76c10ebc27f6
              • Opcode Fuzzy Hash: f06e79f351949ad47e8ed9a6911afc60d946af88c48bd60cd3552a5dc5854fd4
              • Instruction Fuzzy Hash: 19C293716183419FD72ACF28C881BABBBE5AF98B14F05892DE989C7281D774D805CF52
              Function 0119A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: FilterFullPath$UseFilter$\??\
              • API String ID: 0-2779062949
              • Opcode ID: ac473ee3b253fa4cad06348e72d35efef4c1c0e1c9a11f83771d41b0a3efb15b
              • Instruction ID: f5132424e17df46bee75d8dc13f8330ba24486d98235c45983f2d8723e5c3fd4
              • Opcode Fuzzy Hash: ac473ee3b253fa4cad06348e72d35efef4c1c0e1c9a11f83771d41b0a3efb15b
              • Instruction Fuzzy Hash: F9A16D759116299BDF39DF68CC88BEAB7B8EF44704F1001E9EA09A7250D7359E84CF90
              Function 011C0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
              Download Yara Rule
              Strings
              • Failed to allocated memory for shimmed module list, xrefs: 0120A10F
              • LdrpCheckModule, xrefs: 0120A117
              • minkernel\ntdll\ldrinit.c, xrefs: 0120A121
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
              • API String ID: 0-161242083
              • Opcode ID: 909c15445a57d8ac073d3f61c72b2ac52aa7ea2115f636798451fa1e89399eb5
              • Instruction ID: a95bbc6ffc356efd74a545c1781c1195715727357ba68a78778eadbb5b3be854
              • Opcode Fuzzy Hash: 909c15445a57d8ac073d3f61c72b2ac52aa7ea2115f636798451fa1e89399eb5
              • Instruction Fuzzy Hash: 6D71DE74A00306DFDB2ADF6CD984BBEB7F4FB58A08F14406DE502AB241E330A941CB54
              Function 011B0A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-1334570610
              • Opcode ID: 1b2f58d91ee3af387983406b8eb082d096da104c1dc347abe8979a8801a8b288
              • Instruction ID: 9c65d1d263f9f39ec07d361df0f120dea9e5db5a191358166b2513fd07504e40
              • Opcode Fuzzy Hash: 1b2f58d91ee3af387983406b8eb082d096da104c1dc347abe8979a8801a8b288
              • Instruction Fuzzy Hash: CD61AD75610302DFDB2DCF28C584BAABBF1FF49704F14865AE9598B292D770E881CB91
              Function 011DC720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
              Download Yara Rule
              Strings
              • Failed to reallocate the system dirs string !, xrefs: 012182D7
              • LdrpInitializePerUserWindowsDirectory, xrefs: 012182DE
              • minkernel\ntdll\ldrinit.c, xrefs: 012182E8
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
              • API String ID: 0-1783798831
              • Opcode ID: 1046552ffdf99e172fa28d5eba330ffc7e4ecaea4ee597e423e2ab04055bc6dd
              • Instruction ID: 9fc0dd9a2959986f052014390e503728b567cda50f0f753ead1328fcae6fd507
              • Opcode Fuzzy Hash: 1046552ffdf99e172fa28d5eba330ffc7e4ecaea4ee597e423e2ab04055bc6dd
              • Instruction Fuzzy Hash: 7F411372650701AFDB29EB6CE888B9B77E8EF58654F01492EF948D3294E774D800CBD1
              Function 0125C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
              Download Yara Rule
              Strings
              • PreferredUILanguages, xrefs: 0125C212
              • @, xrefs: 0125C1F1
              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0125C1C5
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
              • API String ID: 0-2968386058
              • Opcode ID: 9dbc38d583c42c38b08279c88874f9b3ce392843edec2239aa95280c3a2d2f0e
              • Instruction ID: 7637eabe07344e090d05144627519f2ebe8e18a976e410e8db98578eddb82d78
              • Opcode Fuzzy Hash: 9dbc38d583c42c38b08279c88874f9b3ce392843edec2239aa95280c3a2d2f0e
              • Instruction Fuzzy Hash: 2B417271E1030AEBDF55DBD8C891BEEBBBCAB14744F14406AEA09F7240E7749A448B90
              Function 01234144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
              • API String ID: 0-1373925480
              • Opcode ID: c7d842e1eff6b89ad7b8ddcbd4d5d5e39187a6e976b0d01a6aa2b4f6c05ea2c8
              • Instruction ID: 9cd006a26853d9e89bbfc41ba75a40f899be064cd7e7de21b819b8f7cfd5303e
              • Opcode Fuzzy Hash: c7d842e1eff6b89ad7b8ddcbd4d5d5e39187a6e976b0d01a6aa2b4f6c05ea2c8
              • Instruction Fuzzy Hash: D54127B1A20699CBEB25EFD8C840BADBBB4FF95344F14049ADA41FB381D7748901CB10
              Function 01224755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              Strings
              • minkernel\ntdll\ldrredirect.c, xrefs: 01224899
              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01224888
              • LdrpCheckRedirection, xrefs: 0122488F
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
              • API String ID: 0-3154609507
              • Opcode ID: 20f8d9e625ffc1f6a94e1e3e685bdfd434e3f61d28638bfb7ca1205ffa67321d
              • Instruction ID: fbed56e78b28851b1c3750663773018c4355d1d26d12397c2a0c2423d28f7e02
              • Opcode Fuzzy Hash: 20f8d9e625ffc1f6a94e1e3e685bdfd434e3f61d28638bfb7ca1205ffa67321d
              • Instruction Fuzzy Hash: 7C41B232A342F2ABCB25EE5CD840A6A7BE4FF49A50F050559FE589B351D7B0D800CB92
              Function 011B0BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-2558761708
              • Opcode ID: fc5271a4ec1b2adde520dfbec327a65bae5790213748ed88a32c5e4013730850
              • Instruction ID: 9d21ade1c219a36fc33bc2e5a532d1b1cf0df4bf968646ccf2cd653b54c42127
              • Opcode Fuzzy Hash: fc5271a4ec1b2adde520dfbec327a65bae5790213748ed88a32c5e4013730850
              • Instruction Fuzzy Hash: D911CD31324142DFDB2EDE18D485BBAB3B5EF44A19F1A8259F4068B292DB30D840CB56
              Function 012220DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
              Download Yara Rule
              Strings
              • LdrpInitializationFailure, xrefs: 012220FA
              • minkernel\ntdll\ldrinit.c, xrefs: 01222104
              • Process initialization failed with status 0x%08lx, xrefs: 012220F3
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
              • API String ID: 0-2986994758
              • Opcode ID: fea5048ae4b4898cb790f97ca1cb54ca0853a9aa68e5369a505958ecb3e0fd95
              • Instruction ID: 61fd0fde3999ebc3f2bffef746453adc0b5a29ca3b24b91a9d9ac9af55c4853d
              • Opcode Fuzzy Hash: fea5048ae4b4898cb790f97ca1cb54ca0853a9aa68e5369a505958ecb3e0fd95
              • Instruction Fuzzy Hash: 57F0C275650319BFEB28EB4CDD4AFED37A8FB41B54F204059FB0077686D6B0A900CA91
              Function 011B03E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: #%u
              • API String ID: 48624451-232158463
              • Opcode ID: 55c338345d1a3600b78cb376b3a2bfc77fde37ca0ac7df159b6c2c1f8ae54502
              • Instruction ID: 12170cac04a2742a06167bb6ddffff47e1388f12989daec252e8dbf4d90f82cf
              • Opcode Fuzzy Hash: 55c338345d1a3600b78cb376b3a2bfc77fde37ca0ac7df159b6c2c1f8ae54502
              • Instruction Fuzzy Hash: F6715C71A1014A9FDB06DFA8C984FAEB7F8BF18704F154165EA05E7251EB38EE01CB61
              Function 011AA9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
              Download Yara Rule
              Strings
              • LdrResSearchResource Enter, xrefs: 011AAA13
              • LdrResSearchResource Exit, xrefs: 011AAA25
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
              • API String ID: 0-4066393604
              • Opcode ID: 4008f7a4ab5a34608d4bf3029f8adffc57b0000d6ab0616046c311365f5752a1
              • Instruction ID: 6da4f83444fc6d34b06d0ee30c7232eafae37526165038589bb290b651947440
              • Opcode Fuzzy Hash: 4008f7a4ab5a34608d4bf3029f8adffc57b0000d6ab0616046c311365f5752a1
              • Instruction Fuzzy Hash: A3E1B475E10219DFEB2ACF98D994BAEBFB9FF08310F50052AEA01E7281D7749940CB51
              Function 0126A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: `$`
              • API String ID: 0-197956300
              • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
              • Instruction ID: bf4c915429e59c1c459a8efef7f0b44bb319549abfffd30415d4a253b35d1385
              • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
              • Instruction Fuzzy Hash: 01C1C0312243429FEB25CF28C841B6BBBE9AFD4318F184A2CF696972D0D774D985CB51
              Function 0121E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID: Legacy$UEFI
              • API String ID: 2994545307-634100481
              • Opcode ID: 8bb320da68188d0337664a97c42cc919e17b59cd96bfc7fed59d630b1550ec47
              • Instruction ID: f0db5063fb853e3cc25dce8a8c77edc0cc230ded3b795e95b2b24f20d9e1c6a7
              • Opcode Fuzzy Hash: 8bb320da68188d0337664a97c42cc919e17b59cd96bfc7fed59d630b1550ec47
              • Instruction Fuzzy Hash: 60617D71E102199FEB1ADFA8CC40BADBBF9FB54704F16402DEA09EB255D731A941CB50
              Function 012443D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: @$MUI
              • API String ID: 0-17815947
              • Opcode ID: 740eec1faf1b5c45199cf6b0ee6ef0615bd56f609df722bc45fee98d9b88b9f7
              • Instruction ID: b240ed32a9f950aa764dc08af1dcfcae9461fb402b39beb6b6f0b41cddac61e2
              • Opcode Fuzzy Hash: 740eec1faf1b5c45199cf6b0ee6ef0615bd56f609df722bc45fee98d9b88b9f7
              • Instruction Fuzzy Hash: 9F514771E1065EAFDF15DFE9CC90BEEBBBCEB14658F100129E615A7280D73099058BA0
              Function 011A04E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
              Download Yara Rule
              Strings
              • kLsE, xrefs: 011A0540
              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 011A063D
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
              • API String ID: 0-2547482624
              • Opcode ID: d023e3487f13ec12f31f771c349aeefcd875a1cdae7a47f0e6c3e1f6b63b000d
              • Instruction ID: 968d68a23b68e46c66ec029ff059308c7539fe9914225587688fbc889c4aa895
              • Opcode Fuzzy Hash: d023e3487f13ec12f31f771c349aeefcd875a1cdae7a47f0e6c3e1f6b63b000d
              • Instruction Fuzzy Hash: 6351D079504B428FD729DF68C4446A7BFE4AF89308F50483EF6EA87241E770E545CB92
              Function 011AA2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
              Download Yara Rule
              Strings
              • RtlpResUltimateFallbackInfo Exit, xrefs: 011AA309
              • RtlpResUltimateFallbackInfo Enter, xrefs: 011AA2FB
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
              • API String ID: 0-2876891731
              • Opcode ID: bc66de5c17ccb56e6d2b936a881d34b0b04dfaf60f06574f4f11ce94d96118ef
              • Instruction ID: 73f8138356d56bfd0593a2d9d8436464056ce8c673a0984630629202924967ea
              • Opcode Fuzzy Hash: bc66de5c17ccb56e6d2b936a881d34b0b04dfaf60f06574f4f11ce94d96118ef
              • Instruction Fuzzy Hash: C441F334A18656DBDB1ACF59D844B6EBBF4FF84304F2441A6EA00DB392E3B5D900CB41
              Function 011DA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID: Cleanup Group$Threadpool!
              • API String ID: 2994545307-4008356553
              • Opcode ID: 735027da1c70cc8541b265911047b6a2ae6748214640c44e30c2c03865311d3b
              • Instruction ID: 969d5e9c5835c5bead821bf09d641b2b6b5aef77ee26a7f72cef4bdda07cb725
              • Opcode Fuzzy Hash: 735027da1c70cc8541b265911047b6a2ae6748214640c44e30c2c03865311d3b
              • Instruction Fuzzy Hash: 7201D1B2244704EFE315DF14DD49F2677E9EB85719F058939A64CC7590E374D804CB46
              Function 011AC7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: MUI
              • API String ID: 0-1339004836
              • Opcode ID: 18f97300a960953821075a50df0d307f14ead96276e3a7ad40cf556ad7fe3781
              • Instruction ID: dcd71fd038ca4b09de9c05c843bad8eb539711e742b35920251fe9287234496d
              • Opcode Fuzzy Hash: 18f97300a960953821075a50df0d307f14ead96276e3a7ad40cf556ad7fe3781
              • Instruction Fuzzy Hash: 85827B79E006198FEF28CFA8D880BEDBFB1BF48350F548169E919AB750D7309941CB91
              Function 01226420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: 4b56623e634c4e04a7104265373acae53794fc1b061cd789eea33529fcc3ea9d
              • Instruction ID: 7c0c4944ea69e736753459862e836c50815d182d1392cfc4f7a6503a2efcfa75
              • Opcode Fuzzy Hash: 4b56623e634c4e04a7104265373acae53794fc1b061cd789eea33529fcc3ea9d
              • Instruction Fuzzy Hash: 8991727295062ABFEB25DF95CC85FAEBBB8EF14B54F104055FA00AB190D774AD00CB60
              Function 0124E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID: 0-3916222277
              • Opcode ID: 3f6692ef856113aad212e6c91bff1c18f404136f6d4321266347c528f27d195b
              • Instruction ID: af418b5444f3eb3e6e254b85906fb54aa86438f185f89440852d17c20b2859e6
              • Opcode Fuzzy Hash: 3f6692ef856113aad212e6c91bff1c18f404136f6d4321266347c528f27d195b
              • Instruction Fuzzy Hash: 5791AE3291060AABEB2ADBA5D884FEFBBB9FF45744F010029F615A7250D7789901CB50
              Function 011DA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: GlobalTags
              • API String ID: 0-1106856819
              • Opcode ID: 2234256fbb8499ed700d17256a23046817cddc6bbc0bab8c8e65be80ed5b18d5
              • Instruction ID: 24def4af8c743a897861d49d2204be39db8f8803fc54daebec90975ee3090011
              • Opcode Fuzzy Hash: 2234256fbb8499ed700d17256a23046817cddc6bbc0bab8c8e65be80ed5b18d5
              • Instruction Fuzzy Hash: 00716D75E1021A8FDF28CF9CD5906ADBBF2FF68710F14812EE905A7245E7B19845CB50
              Function 01244978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: .mui
              • API String ID: 0-1199573805
              • Opcode ID: fa8d7dd153b5c921d28de85e8b9264db8f0cc86ce9312d637f2e02086040dbcc
              • Instruction ID: 21731a76caed7a669425e0cf5686d2121e6d67274dfbc448f75527b9a2ef507e
              • Opcode Fuzzy Hash: fa8d7dd153b5c921d28de85e8b9264db8f0cc86ce9312d637f2e02086040dbcc
              • Instruction Fuzzy Hash: F351A472D2026ADBDF19EF99D841BAEBBB4BF14614F054129EA11BB240D7749C01CBE4
              Function 011BE627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: EXT-
              • API String ID: 0-1948896318
              • Opcode ID: 6b0452db0656fe6540734f162ee0a3a054169aa8c993430902a614019450e71b
              • Instruction ID: ac7b0ffdbac290d044bbf665f900390308ed33ce5f90a4478b96300432d4c6af
              • Opcode Fuzzy Hash: 6b0452db0656fe6540734f162ee0a3a054169aa8c993430902a614019450e71b
              • Instruction Fuzzy Hash: 0D418371509702ABD719DB75C880BEBBBE8AF88718F44092DF685D7180E774D904C793
              Function 0121C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: BinaryHash
              • API String ID: 0-2202222882
              • Opcode ID: 8aab6c4115d98454e6ccc94cc5feb8669816b580fa98cae34b25909658e5cbb8
              • Instruction ID: cc3724ae0f7855bc5c0873f6b5bdce8190678c0918f27088bf73f868afadaab7
              • Opcode Fuzzy Hash: 8aab6c4115d98454e6ccc94cc5feb8669816b580fa98cae34b25909658e5cbb8
              • Instruction Fuzzy Hash: 6C41A5B1D5052DAADB21DA50CC84FDEB7BCAB54718F0045E5EB08A7140DB709E498F94
              Function 01236B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: #
              • API String ID: 0-1885708031
              • Opcode ID: dc05b6cce11e3fafd7e1601d1a38b866dab53f3648e4f119032f355c13f5ddfd
              • Instruction ID: 2a7d1e836fe83ff433754210499ba4d2df558a15fcfc3ac113ae2b30ea8f3988
              • Opcode Fuzzy Hash: dc05b6cce11e3fafd7e1601d1a38b866dab53f3648e4f119032f355c13f5ddfd
              • Instruction Fuzzy Hash: EF313D71A1071ABBDB26CF69C858BEE7BBCDF84704F144428EA40AB282D775DE05CB54
              Function 0121CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: BinaryName
              • API String ID: 0-215506332
              • Opcode ID: 477aef889c2d10ae5971ec50948d5c9f499ec33de67791eb63fffab6cde1480d
              • Instruction ID: 0068208e4d5530b6cd231d4f7a7d29f2abb62d3cf97d5c4659fc61134ea588f6
              • Opcode Fuzzy Hash: 477aef889c2d10ae5971ec50948d5c9f499ec33de67791eb63fffab6cde1480d
              • Instruction Fuzzy Hash: EF31293A950516AFDB16DB58C855E6FBBF4FF60710F014129E901E7254E730AE10D7D0
              Function 0122892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
              Download Yara Rule
              Strings
              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0122895E
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
              • API String ID: 0-702105204
              • Opcode ID: 021d7fd09660273a546c811b4ffc45d3ec786e5383ac218032b7306c9701e4d7
              • Instruction ID: 87dbb89b9ad33695ed4405b87adaa849159584b45fb2e84368987c82897878c5
              • Opcode Fuzzy Hash: 021d7fd09660273a546c811b4ffc45d3ec786e5383ac218032b7306c9701e4d7
              • Instruction Fuzzy Hash: 2401F732730232BBEB396F5E9884B6E7FA5EF85654B44001DF74106651CB70F881C792
              Function 01242000 Relevance: .8, Instructions: 757COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f031476f750908f2a8432717ce54cf7e501f9c03daf62f87fc9881032adf290f
              • Instruction ID: 5e7248ee00afc676f30ef7870fb144257fde901f07a855bcd5765432c404c1f8
              • Opcode Fuzzy Hash: f031476f750908f2a8432717ce54cf7e501f9c03daf62f87fc9881032adf290f
              • Instruction Fuzzy Hash: D142C435628342CBE72DCF6AD890A6FBBE5EF94704F08092DFA8697250D770D845CB52
              Function 01238158 Relevance: .6, Instructions: 617COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f15d0d217d751b8da7208320117f082a2645afca89099b735e0c9b2eb63a59c
              • Instruction ID: b837b74ffa0ed240924c07db1412abcb4bf42ed29ecb4dbd1293cb73f47eb856
              • Opcode Fuzzy Hash: 2f15d0d217d751b8da7208320117f082a2645afca89099b735e0c9b2eb63a59c
              • Instruction Fuzzy Hash: 1B424EB5E102198FEB25CF69C881BADBBF5FF88304F148199EA49EB241D7349985CF50
              Function 011B2840 Relevance: .6, Instructions: 605COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fe320b6a71685e05bdd3994a62761d4a14137044ee05c58f95df4680d118d156
              • Instruction ID: 3e0b498ddecc8d9e490f0c0291c2a21ac5c63706e83e8b983bd42f6877174bed
              • Opcode Fuzzy Hash: fe320b6a71685e05bdd3994a62761d4a14137044ee05c58f95df4680d118d156
              • Instruction Fuzzy Hash: 23321270A207568FDB2ACF69C8447BEBBF2FF84304F14421DD5469B682D735A925CB50
              Function 0124A118 Relevance: .6, Instructions: 591COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c00495155098e764fe88cf793d620ed1b10f7e85ed0d625a54f16fdd520cfe4f
              • Instruction ID: 3e962b72b4257d1df46523fdafaa722ca0059ead915d16726ec9dc6e080f5ce9
              • Opcode Fuzzy Hash: c00495155098e764fe88cf793d620ed1b10f7e85ed0d625a54f16fdd520cfe4f
              • Instruction Fuzzy Hash: CA22BD746B46628FEB2DCF2DC095376BBE1AF44300F088459EA978F286E375D452DB60
              Function 011A6A50 Relevance: .5, Instructions: 548COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 05ef4845fac60ebe59af03060410e6313c138571f76587c649152f0c3dcc4627
              • Instruction ID: edcd7567ecfc4604cee4889f37f8b7f54c13793471af027c0a0a5e639ba9e764
              • Opcode Fuzzy Hash: 05ef4845fac60ebe59af03060410e6313c138571f76587c649152f0c3dcc4627
              • Instruction Fuzzy Hash: E132D274A00215CFDB29CF68C480BAEBBF1FF48310F544669EA55AB392D734E851CB91
              Function 011C4A35 Relevance: .4, Instructions: 423COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
              • Instruction ID: bfda294161321c780be25f0b947a60223ad5fbaadbb04f6f9b662788272cff7c
              • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
              • Instruction Fuzzy Hash: D6F1A074E1420A9FDB29CF99C490BAEBBF5BF68B14F04812DE901AB751E734E841CB50
              Function 0123892B Relevance: .4, Instructions: 386COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ddc617bcc71bed360f220fe88e81c0f2f3a9638764576215814241e30443e7ec
              • Instruction ID: 47fe4f31afc78d26ff21e82579ba2a06733e97d5e698afc7a1f57f86d7cf3017
              • Opcode Fuzzy Hash: ddc617bcc71bed360f220fe88e81c0f2f3a9638764576215814241e30443e7ec
              • Instruction Fuzzy Hash: 9CD1D5B1A2060A9BDF19CF69C841AFEB7F1AFC4304F188269E555EB241E735E905CB50
              Function 011A65D0 Relevance: .4, Instructions: 383COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bbcdd83d4456e932e606145af39129e329e3ddec604d8a93aa291e53f38b6a47
              • Instruction ID: e090ab76720ee5e8e66ab7c889138ecaadfdc7c35f39aac8d9997e03dec3404e
              • Opcode Fuzzy Hash: bbcdd83d4456e932e606145af39129e329e3ddec604d8a93aa291e53f38b6a47
              • Instruction Fuzzy Hash: C9E1B175608342CFC719CF68C080A6ABFE1FF88314F498A6DE99987351E731E905CB92
              Function 01198397 Relevance: .4, Instructions: 380COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4a663c8d1eb1b7cb32b92637d3fec3e8adf90a6a7698dd13638c4de20eca7bda
              • Instruction ID: 29e679a14d13e70faa071297e584fdf8f18c242d96a2f8bd6a225be4af6d6083
              • Opcode Fuzzy Hash: 4a663c8d1eb1b7cb32b92637d3fec3e8adf90a6a7698dd13638c4de20eca7bda
              • Instruction Fuzzy Hash: 5FD11571A0060A9BDF1CCF69C890BBE77B5BF55718F05422DEA26DB280E734E911CB60
              Function 01228243 Relevance: .3, Instructions: 322COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
              • Instruction ID: 3c64499eb31ce17538ad6030b9bd97175bee5ca0f49b2267cc3bc7a153bbd883
              • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
              • Instruction Fuzzy Hash: E7B15F74A10616BFDB24DB99C940AAFBBF9FF85304F14446EEA4297790EB34E905CB10
              Function 011B0535 Relevance: .3, Instructions: 300COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
              • Instruction ID: dcb91dcc9e432c439c319b2beed113e41c4d27cecf20aca8b565f5257905a0e2
              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
              • Instruction Fuzzy Hash: 7FB12831610646AFDB1ADB68C894BBFBBF6AF48304F154259E652D7282D730ED41CB90
              Function 011A83C0 Relevance: .3, Instructions: 281COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d2b5778b31fa4a0cd5064a9ca06cc0a51e867c0b3bdbc23795ae413c4840a3fb
              • Instruction ID: da817822a2f0cc972167270db7b6e2e66d596f366b90ab824b276f5ddc178fd3
              • Opcode Fuzzy Hash: d2b5778b31fa4a0cd5064a9ca06cc0a51e867c0b3bdbc23795ae413c4840a3fb
              • Instruction Fuzzy Hash: 0AC15874118341CFE768CF19C484BABBBE5BF88704F44496DE98987291E774E908CF92
              Function 0119C427 Relevance: .3, Instructions: 280COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9c86dd61455b8a834448d187a37e73c187f2228d03c7f7b32a64eeaa852cbd89
              • Instruction ID: 55eb32e3761d2cae53934284f906f5aae346697ba5321e648079f482cf9e4fcd
              • Opcode Fuzzy Hash: 9c86dd61455b8a834448d187a37e73c187f2228d03c7f7b32a64eeaa852cbd89
              • Instruction Fuzzy Hash: 13B18370B002668BEB68CF58D890BA9B7F1EF44704F0485E9D55AE7281EB34DD86CF61
              Function 011CE5E7 Relevance: .3, Instructions: 278COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e3c880cce451714d33ad7ed9bb97b9e6ef6e611ca0b8d71622f69c745701955c
              • Instruction ID: e6e48a90a3d1e8294d62b982a4bc5110f554fd7a8166efc987a8e28b6aec9f9e
              • Opcode Fuzzy Hash: e3c880cce451714d33ad7ed9bb97b9e6ef6e611ca0b8d71622f69c745701955c
              • Instruction Fuzzy Hash: 3CA13831E516259FEB3ACB9CC948BADBFA4BB15B14F050219EA10AB2C2D7749D40CBD1
              Function 011E0185 Relevance: .3, Instructions: 276COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7647f190d8965162a8310f4a8f36873c457ba78f76648af32fbcc106a0fb63bf
              • Instruction ID: 0034eaa41589faf6cefa0e5050a48d3fbf734784990f0593d81d1ac1f6db0b7c
              • Opcode Fuzzy Hash: 7647f190d8965162a8310f4a8f36873c457ba78f76648af32fbcc106a0fb63bf
              • Instruction Fuzzy Hash: 16A10671B00A1ADFDB2DDFA9C594BAAB7F1FF58318F004029EA0597281DB74E841CB50
              Function 01274500 Relevance: .3, Instructions: 275COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d2532873adb1d8f146491e8363066003e141c604d0347c958f23f35e702d381b
              • Instruction ID: 11884c4fe491c29ba1f9c92757537c1c36f6230f6f65a5df076ef27016dc5a5f
              • Opcode Fuzzy Hash: d2532873adb1d8f146491e8363066003e141c604d0347c958f23f35e702d381b
              • Instruction Fuzzy Hash: 15A1DE72A24692DFC725EF18C980B6BBBE9FF58708F050528E689DB651D334ED01CB91
              Function 01272B57 Relevance: .3, Instructions: 266COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
              • Instruction ID: 67f3fd7599d2c9ac4b2ce75d7ee63a9ad7079097797e0aad6e7351a9677e4bd9
              • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
              • Instruction Fuzzy Hash: 6FB13871E1065ADFDF29CFA9C880AAEBBB5FF58310F148169EA14A7354D730A941CF90
              Function 012260E0 Relevance: .3, Instructions: 264COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1179cd365b254152d21260be88e249aa93c1ebfc1ba40e7e6d8b4cd5b8c8970a
              • Instruction ID: 2bf7d9c1e2a5bb0bccc151e0888951d416ee297ee45879050bbf4708b6541349
              • Opcode Fuzzy Hash: 1179cd365b254152d21260be88e249aa93c1ebfc1ba40e7e6d8b4cd5b8c8970a
              • Instruction Fuzzy Hash: 49918272D10226BFDB15CFA8D884BBEBBB5AF49710F154169EA10AB341D774E9009BA0
              Function 011BE3F0 Relevance: .3, Instructions: 261COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb7a62031ec38d92c541424a646eac37548c43bf07e68ef601b8d579a1aa627a
              • Instruction ID: bbdeb0f93eb3ce540435b4c7df56d3deb21e162dd28098681e8f07178b9610d1
              • Opcode Fuzzy Hash: fb7a62031ec38d92c541424a646eac37548c43bf07e68ef601b8d579a1aa627a
              • Instruction Fuzzy Hash: F2914635A01216CBEB2D9B5CC4C4BF97BA1EF84718F054165EA0ADB382E738D941CB51
              Function 0126AB40 Relevance: .2, Instructions: 222COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
              • Instruction ID: 5ca037f3a95ace88f84c47558176357411a7504a9408e8a5eb5576860d699a9e
              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
              • Instruction Fuzzy Hash: 91819271A202069FDF19CF58C881AAEBBFAFF94310F148569DA16AB3C4D774D941CB50
              Function 011DE284 Relevance: .2, Instructions: 212COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d45b423a2f929d16274e34ad2e7a65a626e817b1e4ce64a8eac26d8107d9b4c2
              • Instruction ID: d2bf06215670b3f5dec8669ba8d967d1c158d5ce5a6938b9c2b51b771ad01811
              • Opcode Fuzzy Hash: d45b423a2f929d16274e34ad2e7a65a626e817b1e4ce64a8eac26d8107d9b4c2
              • Instruction Fuzzy Hash: 55818171A05609EFDB29CFA9C890BEEBBFAFF48354F104429E555A7250DB30AC45CB60
              Function 011BC640 Relevance: .2, Instructions: 206COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32515ef5fed3923e31025ded2612b0be1fcc4f88acd4fc432d4bcf0cf70222cc
              • Instruction ID: 59bac3f505972a2189bb0958503d76a8c43c33a350a585c701730e310483c6be
              • Opcode Fuzzy Hash: 32515ef5fed3923e31025ded2612b0be1fcc4f88acd4fc432d4bcf0cf70222cc
              • Instruction Fuzzy Hash: BE71BD75C106669BCB2A8F69D490BFEBBB5FF58710F15421AE942AB391D3709801CBD0
              Function 012547A0 Relevance: .2, Instructions: 202COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2aacedb78ce53cea658ae6fb89d9015f3de9bf4d0f5345953b7eb1df8266b44a
              • Instruction ID: ba3dbcd2a66ad21916c25fa65c6c1ea2a4af2f96421ff078954151d528cf5126
              • Opcode Fuzzy Hash: 2aacedb78ce53cea658ae6fb89d9015f3de9bf4d0f5345953b7eb1df8266b44a
              • Instruction Fuzzy Hash: D071B670910246EFDFA4EF9DD999A9AFBF9FF90300F00415AEB1097258E7718980CB64
              Function 011B260B Relevance: .2, Instructions: 201COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 160f33afd89f77f5821dccfa6c31684b2714ecd7307427f38da7f74a46753596
              • Instruction ID: 810b3e11bd560c020c2ed77e4929266e14760cada9bc7b7b900f4aa9f4e997d1
              • Opcode Fuzzy Hash: 160f33afd89f77f5821dccfa6c31684b2714ecd7307427f38da7f74a46753596
              • Instruction Fuzzy Hash: DA71D3356146428FD31ADF28C480BAAB7E5FF84314F0585A9E854CB352DB34E84ACB92
              Function 0122035C Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
              • Instruction ID: bbc36724521e770487668394b03173663bb40c926c54ea8fd97ceef260d0607d
              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
              • Instruction Fuzzy Hash: FA71AC71A2061AEFDB14DFA9C984EEEBBB8FF48304F104469E505E7250DB34EA01CB90
              Function 012362A0 Relevance: .2, Instructions: 198COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d0ea3bc1490aa0db218a79410cde854bfc289680667a8e261718b88e0bcb8896
              • Instruction ID: 4a4ed8cca06ebb6554ffa38cbe5057875a2b1516ea4024d668c978613d207a30
              • Opcode Fuzzy Hash: d0ea3bc1490aa0db218a79410cde854bfc289680667a8e261718b88e0bcb8896
              • Instruction Fuzzy Hash: DF71F2B2660B02BFEB368F58C855F56BBFAEF80724F144418E315872A1D7B5EA44CB50
              Function 01278324 Relevance: .2, Instructions: 192COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eb96f5b4ccac8ee279b872be76190dba0fa582b5eba5676d880bb6e5275fa969
              • Instruction ID: 9fc253cbf82d904e5ed63f18303a1960a069883c36d32b5ce21edd3696b277f9
              • Opcode Fuzzy Hash: eb96f5b4ccac8ee279b872be76190dba0fa582b5eba5676d880bb6e5275fa969
              • Instruction Fuzzy Hash: E9712C71E1061AAFDF16DF94C885FEFBBB9FB04354F104119E620A7290E774AA45CB90
              Function 0125A250 Relevance: .2, Instructions: 184COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5968baf11aa31114152da86bf0985c8981d4c5cf68c5536840fd028b50a5ec5f
              • Instruction ID: df51acd5d8881d27b3807444559eaad9954b3d75cccfb0992acfe041ec8a1c73
              • Opcode Fuzzy Hash: 5968baf11aa31114152da86bf0985c8981d4c5cf68c5536840fd028b50a5ec5f
              • Instruction Fuzzy Hash: E751D272524712AFD751DEA8C889E6BBBE8EFC4754F010A29BE40DB150D770ED05C7A2
              Function 01248350 Relevance: .2, Instructions: 161COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ccf7a2321565f6bdc5571b704319dddb2624fe458732eb050bef8cd7f409bc08
              • Instruction ID: c6f69123348feb4863e2c9bf2ae79c234dac3799f67482815862be3f5b373d2b
              • Opcode Fuzzy Hash: ccf7a2321565f6bdc5571b704319dddb2624fe458732eb050bef8cd7f409bc08
              • Instruction Fuzzy Hash: 0A51D170920705DFD729DF9AC880A6BFBF8FF54714F10461ED252576A0D7B0A541CB90
              Function 011DE443 Relevance: .2, Instructions: 158COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bce672c9c3d308c1db894f467c413a052bfe47d7418bf88e770b241c225346d5
              • Instruction ID: b1bc5095df13c7036c01c935491732ed06134b703276502a13fb3d9007e21ca3
              • Opcode Fuzzy Hash: bce672c9c3d308c1db894f467c413a052bfe47d7418bf88e770b241c225346d5
              • Instruction Fuzzy Hash: 93518E71211A06DFCB2AEFA9C9D0EAAB3F9FF14788F41042AE61187260D730E951CB50
              Function 01244180 Relevance: .2, Instructions: 156COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc7adf1f832b171c9853bccd8b294ee500ab6ab180ae7b7fa23df05458f7bbdd
              • Instruction ID: d47a1bc0cd5ec7cbab4e66376dcc217d2f821f25dc87b0cac0adf41ac5be7487
              • Opcode Fuzzy Hash: fc7adf1f832b171c9853bccd8b294ee500ab6ab180ae7b7fa23df05458f7bbdd
              • Instruction Fuzzy Hash: C0519C716183828FD758EF29C881A6BBBE5FFD8A08F54492DF585C7250EB30D905CB52
              Function 011C45B1 Relevance: .2, Instructions: 156COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction ID: 3d130bbc6ce795dce8303917e4ecc86571d194627c22f8eb05507239619e3b94
              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction Fuzzy Hash: 7E51E135E0461AAFDF1ACF98C850BEEBBB5AF54B54F04416EEA00AB640D734DD44CBA0
              Function 0122E9E0 Relevance: .2, Instructions: 154COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
              • Instruction ID: 34d2df1b91affa61fcacc7a8b4a8390052c0d012cb7ff952b8eb4ea6aee86759
              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
              • Instruction Fuzzy Hash: 6051DB71D1022AFFEF21DF94C895BAEBB79BF00324F164655D61267190E7709D40EBA0
              Function 01268B28 Relevance: .2, Instructions: 152COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 90a7a6dd43d3af136895602c1bd4f501ed8154276b77bdd35416c5380dbd63c0
              • Instruction ID: 2fdab9ffa9aab2e4e72ae86440cf116e07a7813a007507454a1fb499f6442c73
              • Opcode Fuzzy Hash: 90a7a6dd43d3af136895602c1bd4f501ed8154276b77bdd35416c5380dbd63c0
              • Instruction Fuzzy Hash: 7A41F6B07217029BD729DB2DC994B7FBB9EEF90620F048219EA55D72C4EB70D881C791
              Function 0122CBF0 Relevance: .1, Instructions: 148COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 466d8d68453dd6732410100decf09f546460f6a3a56fb81f52cdc8596fb9d42c
              • Instruction ID: a6a2b784d2fb790017cd6fc163dab03c6de9cb4cf93d7bf5c96007905c4a0f27
              • Opcode Fuzzy Hash: 466d8d68453dd6732410100decf09f546460f6a3a56fb81f52cdc8596fb9d42c
              • Instruction Fuzzy Hash: 4951CC7291022AEFCB20DFA8D8849AEBBF9FF48358B504529D605A7704D734AD11CFD0
              Function 011DA430 Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 23adf0ab0d28ea4b773e2ce5a4aa98703fe71bc9aab50364c7c75a141544697a
              • Instruction ID: 8050203762a1e18e7328e8d00249fa182df197dc2532074319466e080de8fc91
              • Opcode Fuzzy Hash: 23adf0ab0d28ea4b773e2ce5a4aa98703fe71bc9aab50364c7c75a141544697a
              • Instruction Fuzzy Hash: AF412432A40202ABCF2DEF6CB885F6E77A5AB6571CF05046CEE069B245D7B29840C791
              Function 0126A9D3 Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
              • Instruction ID: 1cf01a4829a7eaf11b49b590b33888f751331199c221da9810d0d4a6188f24d6
              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
              • Instruction Fuzzy Hash: 5F41E7316207179FD729CF28C984A6EB7ADFF90214B05462EEA1297680EB30FD58C7D0
              Function 011D01F8 Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b9c9e25eedd7093df6a29b7efdb25bd05fb27e1f10fc6ec469108deae7274804
              • Instruction ID: 7f8775de3fd4e4f5186b1618e0b3f6fb2a0c05feed19f734f8040fc8b5af8837
              • Opcode Fuzzy Hash: b9c9e25eedd7093df6a29b7efdb25bd05fb27e1f10fc6ec469108deae7274804
              • Instruction Fuzzy Hash: 1641DC35D0121A9BDB18DF98C440AEEBBB4FF5C704F15812AF915E7240EB359C41CBA5
              Function 011CEBFC Relevance: .1, Instructions: 138COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef9956d76e6f2235452a027b7903acf08e08cc62e61919b8964561f1f202f806
              • Instruction ID: f7a20572df44768370b04fd6277788aeb9f9a889d2593367fc44683675d54739
              • Opcode Fuzzy Hash: ef9956d76e6f2235452a027b7903acf08e08cc62e61919b8964561f1f202f806
              • Instruction Fuzzy Hash: 104104712113029FD729DF28C884A6BBBF9FF98228F01492DE657C3652DB35E848CB55
              Function 011E2750 Relevance: .1, Instructions: 137COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
              • Instruction ID: 4bcddd27c0745a716abcf48f3ad5cbe3fee55df1012fc003e65fe2118bd3b23a
              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
              • Instruction Fuzzy Hash: BD518975A11256CFCB15CF98C480AAEF7F2FF94720F2481A9DA16A7355D730AE42CB90
              Function 011A6154 Relevance: .1, Instructions: 133COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 29cc79a26dd093b1a899e872a7792a71d9bdb9695e452d16e656e23222289004
              • Instruction ID: e030fd1a1e0fb3ba480a208f3a6a839ba562c81c59788cbcbfe341837e4d890b
              • Opcode Fuzzy Hash: 29cc79a26dd093b1a899e872a7792a71d9bdb9695e452d16e656e23222289004
              • Instruction Fuzzy Hash: 9C51E870900217DBEB2E8B68CC44BE8BFB1FF15318F5842AAD529976D1D7346981CF85
              Function 011A0BCD Relevance: .1, Instructions: 130COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5feea7ad9cb06067fbc8fec52edd15701bbf61cca698580d37436760f7be3a67
              • Instruction ID: 4e2e8d1bea3fbbf49ab8a5ba27d9feee49bf7d3cd589ffc17b50337e45c7c257
              • Opcode Fuzzy Hash: 5feea7ad9cb06067fbc8fec52edd15701bbf61cca698580d37436760f7be3a67
              • Instruction Fuzzy Hash: 3C41A575A002289BDF29DF68C940BEE7BB4EF49740F4100A9EA08AB251D7349E84CF91
              Function 0126866E Relevance: .1, Instructions: 129COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
              • Instruction ID: c87b56127a81d5ae368a346d7a0b17d4670dffb0ae9324ebe4becb0558e6ed3b
              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
              • Instruction Fuzzy Hash: C7419675B20306AFDB19DF99CC84ABFBBBEAF88610F144069EA04A7381D774DD808750
              Function 011A0887 Relevance: .1, Instructions: 128COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8438c9f2fc989de053163122a708b7e41439afe36ffbc09e46b838edc18f620f
              • Instruction ID: 2b57654da782b29e37e1075835f6aedb8db1eaa809a4f99d728d89a7a13cd670
              • Opcode Fuzzy Hash: 8438c9f2fc989de053163122a708b7e41439afe36ffbc09e46b838edc18f620f
              • Instruction Fuzzy Hash: EF41BFB56007029FE72DCF28C880A66BBF9FF49314B504A6DE54AC6A50E730F859CB90
              Function 011CA470 Relevance: .1, Instructions: 127COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9b616ddc422a48d1dca29ca3e533a3cc8906c2dd3253e200b32b1d0dbec16714
              • Instruction ID: 3804edff239cd2e2fd3ce13da9c8fdeb224b83cf97e01b6e6b285f18f23ce36f
              • Opcode Fuzzy Hash: 9b616ddc422a48d1dca29ca3e533a3cc8906c2dd3253e200b32b1d0dbec16714
              • Instruction Fuzzy Hash: A341F33294020ACFDF2ADF6CE5987EDBBB0FF24B14F454159D511AB281EB349941CBA1
              Function 011A8BF0 Relevance: .1, Instructions: 124COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 82a5a342f2af3407aeca369f0558e051ce914874175525e0901e4409dac0f413
              • Instruction ID: 41f565b9e74cfa7814eec4fd8c4bb7f6b5105a8a9d9af5ee4e5e96ec05d6b9cf
              • Opcode Fuzzy Hash: 82a5a342f2af3407aeca369f0558e051ce914874175525e0901e4409dac0f413
              • Instruction Fuzzy Hash: C3411336900243CFD72DAF5CD988A9EBFB5FB94708F55812AD9019B24AD739D842CF90
              Function 01198918 Relevance: .1, Instructions: 123COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5129fe2a7eca8ae760170362389b3d907c5e77b51b5a4e41d4d355cbacad09fe
              • Instruction ID: 15cd5d71be7d27166121001bd2e5e49247eb505e4eaaa013547e021e5b3580a4
              • Opcode Fuzzy Hash: 5129fe2a7eca8ae760170362389b3d907c5e77b51b5a4e41d4d355cbacad09fe
              • Instruction Fuzzy Hash: 3241BE325087069ED716DF68C840A6BF7E9EF85B54F40092EFA94D7250E730DE048B97
              Function 0119A020 Relevance: .1, Instructions: 122COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction ID: 8c6ddc3c2df482fe89a4fdd30e397c0b1a8bf3e019da2f242079ceb45f4638ad
              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction Fuzzy Hash: 4D413931A08212DBDF2DDE28D4507BABB71EF90754F1AC06EEB558B240D7329D84CB92
              Function 011A09AD Relevance: .1, Instructions: 122COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9f15b1eeb766bd62b24b8f7a471829c32ddf1299cefa20ff283af5bc5610bc06
              • Instruction ID: 474c82ddb882e59d065c7cc09052552719fc7130858f9e4bd4dbfcf521bf62b1
              • Opcode Fuzzy Hash: 9f15b1eeb766bd62b24b8f7a471829c32ddf1299cefa20ff283af5bc5610bc06
              • Instruction Fuzzy Hash: 63419775600701EFD329CF18C880B66BBF5FF58318FA18A2AE449CB251E730E942CB91
              Function 011D0710 Relevance: .1, Instructions: 121COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
              • Instruction ID: cf6a8e9ae1505bb6eab40fea795d7cab5366024bff891d493bae03c3c55c1591
              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
              • Instruction Fuzzy Hash: 12411871A00A05EFDB28CF98C991AAABBF5FF18700F11496DE596DB650D330EA44CF50
              Function 011A262C Relevance: .1, Instructions: 119COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 07db012e33b0581e85605ce4a0ab7f4d478659c0934c46cd47a6de5a7a3fa206
              • Instruction ID: cd8972b4c123a498e83e8ee0aec301ffa90612aa56d17290749107cc41afe7b0
              • Opcode Fuzzy Hash: 07db012e33b0581e85605ce4a0ab7f4d478659c0934c46cd47a6de5a7a3fa206
              • Instruction Fuzzy Hash: 2141E0B9901B01CFCB2EEF68C940A69BFF1FF54314F5582ADC50A8B6A1DB309A41CB41
              Function 011DC8F9 Relevance: .1, Instructions: 116COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8e26196e05a7c9f1241e56cc0b79a9b97f42169000cb1b010cbf6725f6c4e1f
              • Instruction ID: 03d701abff5e256615dd44ec023aa0e769d40b12e8d10f00a260aa5c39771362
              • Opcode Fuzzy Hash: d8e26196e05a7c9f1241e56cc0b79a9b97f42169000cb1b010cbf6725f6c4e1f
              • Instruction Fuzzy Hash: 6A319EB1A10356DFDB1ACF68C040799BBF0FB49728F2085AED119DB251E7369902CF90
              Function 012207C3 Relevance: .1, Instructions: 114COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 569d4233962044d6e9019ddd47f6bdce66036c7c7c1d56889861d13a5e4a0b0a
              • Instruction ID: 966ba3f0db87e19debd10f2ea586c64dfded2ae4126f2b828391447171fc1690
              • Opcode Fuzzy Hash: 569d4233962044d6e9019ddd47f6bdce66036c7c7c1d56889861d13a5e4a0b0a
              • Instruction Fuzzy Hash: 77419D72518351AFD720DF69C845B9BBBE8FF88724F004A2EF598C7250D7B09904CB92
              Function 011980A0 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 84e5ef45f0d0ff51e1dd08feb0bd6a36591248491f330213eddd58dc541aa984
              • Instruction ID: 2bf6d3bf5768c63618be90e2b10797416ab8918e51067918a916e732f169207c
              • Opcode Fuzzy Hash: 84e5ef45f0d0ff51e1dd08feb0bd6a36591248491f330213eddd58dc541aa984
              • Instruction Fuzzy Hash: 1841F2B1E0461AEFCF0DDF18C880AA8BBB1BF45764F158239D825A7280D734ED418BD0
              Function 012205A7 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d7afe546a3aaba669961463482032f4aa13f09a13fb6b6af1375c27765803d7b
              • Instruction ID: b3fe22a4c6f1791fcecfa96155ba409ccac54db553fc593e64441b63f2b9634c
              • Opcode Fuzzy Hash: d7afe546a3aaba669961463482032f4aa13f09a13fb6b6af1375c27765803d7b
              • Instruction Fuzzy Hash: 1941C372614652AFD324DF6CD880A7EB7E9FFC8700F140619FA9497680E734E914C7AA
              Function 011A4859 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b4364685fafea23ab98df8f670a3f38301f22c7f4550aca8f52ede9c36bf537c
              • Instruction ID: db7e80f9172dd0a979e2cb9a83f2ecbbb7a1be69bf0fd728b8313b8792ff5c5c
              • Opcode Fuzzy Hash: b4364685fafea23ab98df8f670a3f38301f22c7f4550aca8f52ede9c36bf537c
              • Instruction Fuzzy Hash: 7341C3342043028BD729DF2CD894B2ABFE9EF84364F58442DE655876A1E7B0D865CB92
              Function 01198B50 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 30572d0f502824d602731e2d542ab1087bd86515bf860e3b76738ab194145a98
              • Instruction ID: 06624dbdea92fb676c65570fe3a8333266435c1301b1ad387b0de8bc6640196a
              • Opcode Fuzzy Hash: 30572d0f502824d602731e2d542ab1087bd86515bf860e3b76738ab194145a98
              • Instruction Fuzzy Hash: B8418E71A016098FCF18DF69C9809DDBBF1BF8A324B25862ED566A7250D734A901CB40
              Function 011B02E1 Relevance: .1, Instructions: 106COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
              • Instruction ID: a52f97ed073521786b01417ab77ef03f6ecc32759720c8590dec086306196056
              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
              • Instruction Fuzzy Hash: 32312831A09245AFDB1A9B68CC84BDFBFF9AF18350F048165F815D7392D7749884CBA1
              Function 0124E3DB Relevance: .1, Instructions: 105COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f348cf05f04b200da96f0aff084296e16c0c10592c8b9b9db3736a51158fa52c
              • Instruction ID: cbacc80acfdd4b2ba0aa5c5b4a3b3819a7cb79e840538c6cd8c1b585d02d3898
              • Opcode Fuzzy Hash: f348cf05f04b200da96f0aff084296e16c0c10592c8b9b9db3736a51158fa52c
              • Instruction Fuzzy Hash: 4831AA35750716ABE72A9F958C81FAB77A5FB58B54F010028F600AB291DBB8DD01C7A0
              Function 01254B4B Relevance: .1, Instructions: 104COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 408e6ecb8d18d8683f2aeea3e3d7511a991f8e7fa2d21aa3cbe6036293d6f5d4
              • Instruction ID: a165d15c57daec2c17208f601c8d99f2b6c8e2189d77868290c42567f8b4a61d
              • Opcode Fuzzy Hash: 408e6ecb8d18d8683f2aeea3e3d7511a991f8e7fa2d21aa3cbe6036293d6f5d4
              • Instruction Fuzzy Hash: BE31D2326152428FC325EF1DD8C4E66B7F6FB80364F09446EEA959B251E730E881CF91
              Function 011A4260 Relevance: .1, Instructions: 102COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9132aec2c3cbaa120f2385c957bcb95aaefc385c92cbfd0008cdf52316dc0ba9
              • Instruction ID: 7febde7cfc2598dad10d156a70078870abd0425d62c4ada00536fd401de2efa3
              • Opcode Fuzzy Hash: 9132aec2c3cbaa120f2385c957bcb95aaefc385c92cbfd0008cdf52316dc0ba9
              • Instruction Fuzzy Hash: 7C41DF35200B46DFE72ACF28C881BD6BBE9BF48354F058529F6598B691C774E800CB94
              Function 01254BB0 Relevance: .1, Instructions: 101COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6b513bec8d188659972c724d4ba177a77dc06fc0fc6bb282b0397a3ff87e34bf
              • Instruction ID: 5d1f566f28a8e4e3801ac4062c4a79a3760c11f78a67fcfb614caa501c492c54
              • Opcode Fuzzy Hash: 6b513bec8d188659972c724d4ba177a77dc06fc0fc6bb282b0397a3ff87e34bf
              • Instruction Fuzzy Hash: CE31BC716242429FD324EF2CD8C4A6AB7E5FBC4720F05452DFE659B290E730E844CBA1
              Function 0121EB1D Relevance: .1, Instructions: 100COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0a24d6a1bb5a795ac7b55aa5ba6e6745973188fb107c404f2e8f9a0bfbf31050
              • Instruction ID: 6866e65d03b3016bf0acdbbfa66dbfc4bb679b5f97f7f85e7fc5b6cf5d67c53a
              • Opcode Fuzzy Hash: 0a24d6a1bb5a795ac7b55aa5ba6e6745973188fb107c404f2e8f9a0bfbf31050
              • Instruction Fuzzy Hash: 1131E2313216839BF327DB5CCD48B69BBD8BF60B44F1E04A0AF418B6D5EB28D940C221
              Function 012661C3 Relevance: .1, Instructions: 97COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 91b3e139e07d4523a1e149e001b53ee7883b54372babffdfe55baf43231e8879
              • Instruction ID: 26e040216bf24f0e9f198978dd13d19485b333a2a5d864c7866d544c00c77fd8
              • Opcode Fuzzy Hash: 91b3e139e07d4523a1e149e001b53ee7883b54372babffdfe55baf43231e8879
              • Instruction Fuzzy Hash: 8B31F375A1025AEBDB15DF98CC84FAEB7B9FB44B44F454168EA00EB284D770ED40CBA4
              Function 0124483A Relevance: .1, Instructions: 96COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c4e5b96f62758728fdb19237f862f0c2a960c6a43a88827ebbd6e97550deb10c
              • Instruction ID: 4ba6b50a3e8f393fa3062a7e11647c3da9db91ebd10d78c82eb780f1e3d7625c
              • Opcode Fuzzy Hash: c4e5b96f62758728fdb19237f862f0c2a960c6a43a88827ebbd6e97550deb10c
              • Instruction Fuzzy Hash: 5A315576A5016DABCF25EF54DC84BDEBBF5AB98710F1000A5E508A7250CB309E519F90
              Function 011CEB20 Relevance: .1, Instructions: 96COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ee004344fd5598ac6145eb87bc5c2e80beb4d92b2e5eda39fcff0cd70e91341
              • Instruction ID: 695069cb95e0d690b076f8cb6ec897580d082463cbf2a87dbc165af2d7d7a1c6
              • Opcode Fuzzy Hash: 5ee004344fd5598ac6145eb87bc5c2e80beb4d92b2e5eda39fcff0cd70e91341
              • Instruction Fuzzy Hash: EF31D372E12215AFDB35DFA9C840BAEBBF9EF14B50F014529E516E7290D3709E008BA1
              Function 012660B8 Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd6a815a8ebdbd717bb0e68740db1e4a0753d8d7b8da5e8bc1a40348253a4048
              • Instruction ID: 7f562d3ccd4561960004a4e7fa4e0b8b493d98c0e5077e9b52709a5e1da2bb79
              • Opcode Fuzzy Hash: bd6a815a8ebdbd717bb0e68740db1e4a0753d8d7b8da5e8bc1a40348253a4048
              • Instruction Fuzzy Hash: D031E571B20606EFDB169FADC890BAABBBDEF44754F1040A9E505DB381DB70DD418B90
              Function 011A07AF Relevance: .1, Instructions: 95COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 33fcd2fe5cc1c6d24cc6ebdb4b8e8784688590e4ea2e610a128c651bc9a7f102
              • Instruction ID: c23036cdd1f75195d8bac4224fdee2625cbf375476643326799b2e86dce9121b
              • Opcode Fuzzy Hash: 33fcd2fe5cc1c6d24cc6ebdb4b8e8784688590e4ea2e610a128c651bc9a7f102
              • Instruction Fuzzy Hash: 5A31353AE05302DBCB1EDE28C880AABBFA5AF98250F42442DFD5597310DB30DC1187E6
              Function 011A8550 Relevance: .1, Instructions: 94COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96f5ca0fc57a657724709edfe08497b7b90d3d87dbaa44fe1ccc4268b645c4e6
              • Instruction ID: 2c7f38d646fd060e50c73a8b9e097d570af7c22d1c3499d15c615d027ccd5829
              • Opcode Fuzzy Hash: 96f5ca0fc57a657724709edfe08497b7b90d3d87dbaa44fe1ccc4268b645c4e6
              • Instruction Fuzzy Hash: 45318E75619302CFE725CF19C844B2AFBE6FB98B00F454A6EEA8497391D770E844CB91
              Function 011DA6C7 Relevance: .1, Instructions: 92COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
              • Instruction ID: 1904efd064ede6e8d83e2bc680e0e0158771eba8f6daf5017f947382e9c76b67
              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
              • Instruction Fuzzy Hash: D7312AB2B00B01AFD769CF69DD41B57BBF8AF18A50F15092DA59AC3650E771E900CB60
              Function 0124EBD0 Relevance: .1, Instructions: 91COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a6d52d5ac3494ccb58b68581523438064ed31b3933baa2015d0759e894c0be21
              • Instruction ID: cab1e2b8709b999f95a683543c9d465853386291c3273f051f17dee98fa06136
              • Opcode Fuzzy Hash: a6d52d5ac3494ccb58b68581523438064ed31b3933baa2015d0759e894c0be21
              • Instruction Fuzzy Hash: 0531CAB1625302CFCB19DF1DC58089ABBF1FF89218F0649AEE5889B211D334E944CF96
              Function 011C438F Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 67f1f77f08de954eb2d6d0eb896a97a44a3b4b6fc12792d301414b6848ce9f56
              • Instruction ID: 17c22fd5bf329321109f45c575b699fde1bdbe1f29f2f9416c4ec46568fad35f
              • Opcode Fuzzy Hash: 67f1f77f08de954eb2d6d0eb896a97a44a3b4b6fc12792d301414b6848ce9f56
              • Instruction Fuzzy Hash: 1931F631F142069FD728DFB8C890AAEBBF9BBA4B08F10852DD105D7A95D730D945CB90
              Function 0119CB7E Relevance: .1, Instructions: 89COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
              • Instruction ID: ae3a33d34a773125f732b692b7e361c49091e302fee0227e59605a1d51ed88fc
              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
              • Instruction Fuzzy Hash: 1D213B35E042576ADB08DBB98410BEFBBB5EF10740F0680359E55E7340E374D90087D0
              Function 0119C156 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9d7529f16f88cc12d25875f050aafda243285277feffc642979f14adfd030d71
              • Instruction ID: 22e0f70d3fd24a5ed7fbeaf27f042fd3c24d5eee2711f9984aeb589220c2434e
              • Opcode Fuzzy Hash: 9d7529f16f88cc12d25875f050aafda243285277feffc642979f14adfd030d71
              • Instruction Fuzzy Hash: B5313EB25002018BDF29AF5CDC85BB97BB4EF50318F5481ADDA459F345DB34D986CB90
              Function 0125C3CD Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
              • Instruction ID: df89cda39ae77cb5ed7d0272a969c7157e151e129a67fbc4b7159d82eac59e76
              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
              • Instruction Fuzzy Hash: B6212D3A610B5676CF19AB958840EBABFB8EF50714F40801AFEA587551F734D960C360
              Function 0119E420 Relevance: .1, Instructions: 88COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd027b2905972c9349f497744fb59325f53cafdca457ee3ecdcdbaf5dd907518
              • Instruction ID: ceaddca43a2cc8847b409a463c1eb35ee8f9ecc35487d7382081be675d339577
              • Opcode Fuzzy Hash: bd027b2905972c9349f497744fb59325f53cafdca457ee3ecdcdbaf5dd907518
              • Instruction Fuzzy Hash: AA31D631A0252C9BDF39DB18CC41FEE77B9AB15744F0100A1E665E7290D774AE80CF91
              Function 011D4588 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
              • Instruction ID: dbcf41539a7ac46a304ef7bab4a699f6ae98e56077944ecf4b74806180868109
              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
              • Instruction Fuzzy Hash: BA217171A00609EFCB19CF58C9C0A8EBBB5FF48714F108065FE169BA81D771EA058B90
              Function 011D44B0 Relevance: .1, Instructions: 87COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: adc876161b9c7a708b447aa8aa1679c9e8d0933749d880906c990e6d25abb319
              • Instruction ID: b023f7412fc16b922e127baa0faa28d0483618cd7d8fd79a0277217209dd30ec
              • Opcode Fuzzy Hash: adc876161b9c7a708b447aa8aa1679c9e8d0933749d880906c990e6d25abb319
              • Instruction Fuzzy Hash: E521D272604746ABCB2ACF58D880B6B77E4FF88760F414529FD549BA41D730E901CFA2
              Function 0119E388 Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
              • Instruction ID: b8eba99755533c64ba0a577e10cf3233bec4b295cd5127da054ac38350cca0bf
              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
              • Instruction Fuzzy Hash: A0318B31600605EFDB29CFA8C984F6AB7B9FF45354F1445A9E522CB290E730EE02CB51
              Function 0121E609 Relevance: .1, Instructions: 86COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 323cc5cfddf8ae416565e457dc42160305b0099f56a49f90a1c2b27889e216b5
              • Instruction ID: c89936e05eed0737555e019c3e67b535f6ceccdaceb8e3a73dcc18275cb63e60
              • Opcode Fuzzy Hash: 323cc5cfddf8ae416565e457dc42160305b0099f56a49f90a1c2b27889e216b5
              • Instruction Fuzzy Hash: EC31F175A20246DFCB19CF1CC8849AEB7F5FFA4304B164859EC099B399E770EA40CB94
              Function 012206F1 Relevance: .1, Instructions: 79COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c9a61df4046342a730b6c61ced691aebf6cf0e467c506e3e7fcdc2e83245541
              • Instruction ID: 97474230a11585ddc7e825418f061b9f3a3c709b7deadc386f332ff15220a286
              • Opcode Fuzzy Hash: 0c9a61df4046342a730b6c61ced691aebf6cf0e467c506e3e7fcdc2e83245541
              • Instruction Fuzzy Hash: 2F21B17191052AABCF19DF59C881ABEB7F4FF48744F400069F541EB240D778AD42CBA4
              Function 0122019F Relevance: .1, Instructions: 78COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 72d1af1e8d2aaead9d728a9eff79826dcd1cb854fd9853b01a45273782c6faf7
              • Instruction ID: 06c67f304112676485c346e1d97a587efd153df847d7eaa078bfc844fd5d8ec5
              • Opcode Fuzzy Hash: 72d1af1e8d2aaead9d728a9eff79826dcd1cb854fd9853b01a45273782c6faf7
              • Instruction Fuzzy Hash: 8D21AB71610615BBD719DBACC884A6AB7A8FF48744F14016AFA04D76A0D734ED10CB68
              Function 01220283 Relevance: .1, Instructions: 74COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5dc11f35eb12efb0a59d1485450d29cce9a9728ee35a4f5b566b408015d8ca30
              • Instruction ID: df76166cc43fae8f388e73095a1be8c98e672f0c509e14999430a15bc60fd9d9
              • Opcode Fuzzy Hash: 5dc11f35eb12efb0a59d1485450d29cce9a9728ee35a4f5b566b408015d8ca30
              • Instruction Fuzzy Hash: A5212572914356AFD311EF59C884F9FBBECAF91244F080456FE90C7251D730D904C6A6
              Function 011C2835 Relevance: .1, Instructions: 73COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cba1535905ca485af699cfc2c60239f4b8be405f4420434b68b32c4b6de97234
              • Instruction ID: fac39f1f09a811a3bbb9157988fab3d0de3ab6f27adb3123a2c13a02a80af84e
              • Opcode Fuzzy Hash: cba1535905ca485af699cfc2c60239f4b8be405f4420434b68b32c4b6de97234
              • Instruction Fuzzy Hash: 3D21F6316657829BF32B576CCC44B693BD4AF51F74F290368FA209B6E2DB78C8118251
              Function 011DA30B Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 436e973bee3dca122b5e24db0d25365307ef3b9d3d95d4412dd1fcecdb4b430b
              • Instruction ID: b043f54236d756724d97a5780cda651a24eb656b9f5c6904cb9a7d35dcfe114d
              • Opcode Fuzzy Hash: 436e973bee3dca122b5e24db0d25365307ef3b9d3d95d4412dd1fcecdb4b430b
              • Instruction Fuzzy Hash: 7D21BB75210A01AFCB29DF29CD40B46B7F6FF18B08F248468E509CBB61E771E842CB94
              Function 0125A49A Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e6bb90a5d50f910c632e455d72bd9063691e10b348db16f871e6ec4f4aa8ba0
              • Instruction ID: b865149f64516afc40fd61ff7780025d2bfc4a53f2daa34a79071453483719b8
              • Opcode Fuzzy Hash: 9e6bb90a5d50f910c632e455d72bd9063691e10b348db16f871e6ec4f4aa8ba0
              • Instruction Fuzzy Hash: 24112C727B0B11BFD3625A55AC82F27BA99DBD4B64F510129BF18CB280DBB0DC018795
              Function 01220946 Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c643be9c026788c06b62bb089574e062a368af9451470e12e388c6ba1faee9a9
              • Instruction ID: f0304ec2c4361294bcdff09b8a98c09893afcc32da3385d8d65ae5934c8f42a2
              • Opcode Fuzzy Hash: c643be9c026788c06b62bb089574e062a368af9451470e12e388c6ba1faee9a9
              • Instruction Fuzzy Hash: 4E21E9B1E50219ABCB14DFAAE984AAEFBF9FF98600F10012FE505A7244DB709941CB54
              Function 012380A8 Relevance: .1, Instructions: 69COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
              • Instruction ID: 8adbd0fb3359786751f165c061413a1780abb9f9a24c8833cf98dfca2380d314
              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
              • Instruction Fuzzy Hash: CB218CB2A1020AEFDF129F98CC40BAEBBBAEF98310F204419F950AB251D774D9518B50
              Function 011D0124 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
              • Instruction ID: 3bf537585e71cb37b72a2186f6cee5fd3c73c5c4ea3921c6b455b9d49645c7a1
              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
              • Instruction Fuzzy Hash: C7110473600705BFD72A9F58CC80F9ABBB8EB84758F110029F6008B180D771ED44CB64
              Function 011A8770 Relevance: .1, Instructions: 68COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b5f5103dfe42daaff507b535b0df48915a0dcf9810c4d7bd64469530c42b208
              • Instruction ID: a2496a29501d3c6241f8403f5616368fa7ec34e72de14b8bca1879b9688de4f2
              • Opcode Fuzzy Hash: 0b5f5103dfe42daaff507b535b0df48915a0dcf9810c4d7bd64469530c42b208
              • Instruction Fuzzy Hash: FC11C479700A119BDB19CF9DC4C0A16BFE9AF4A711B99407DEE089F204D7B2DD11C790
              Function 011A80E9 Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 01805e2b6318f49dbafba3f73d0459bb7d90394647e55bcfe845a3f0750a0aa6
              • Instruction ID: acf1c5f58dc46120710f3d200c5a3795b38f5258562395758ecf13019018f59a
              • Opcode Fuzzy Hash: 01805e2b6318f49dbafba3f73d0459bb7d90394647e55bcfe845a3f0750a0aa6
              • Instruction Fuzzy Hash: 90215B75A00206DFCB19CFA8C581AAEBBB5FB88319F64416DD105AB311CB71BD06CBD0
              Function 011D674D Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 639201f5bed37b7de5d0fe16d168d463fcac6ad207d79f2aa6b0faf39f943f3e
              • Instruction ID: 6ca186a64f8c695da947d1c2603a57cbaa317430ee306fd4af2c976528a08279
              • Opcode Fuzzy Hash: 639201f5bed37b7de5d0fe16d168d463fcac6ad207d79f2aa6b0faf39f943f3e
              • Instruction Fuzzy Hash: 9B218E71510A01EFD7289FA8C881B66B7E8FF44250F41882DE59EC7250DB30A850CB61
              Function 01236870 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 989a21b434866b4fe3df496ea4a53c8fd21253f85dc69841992f6933523c23ae
              • Instruction ID: ccd85611468512b370e92f3db72913dfe19004eaf8c350016e6af58238286a89
              • Opcode Fuzzy Hash: 989a21b434866b4fe3df496ea4a53c8fd21253f85dc69841992f6933523c23ae
              • Instruction Fuzzy Hash: B511E3B2260515FFC722CB9DC980F9AB7ACEF99B54F014025F205DB250DB70EA05C7A0
              Function 011CE8C0 Relevance: .1, Instructions: 63COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a64c3e91c1797361363d271f950b3a6314481a8f7aa39f8331a53c7c10f22ce2
              • Instruction ID: 0ff85a55c823a4b9f2bb44fdb890fc66620006c5058b3b81b8288740ced8a0a5
              • Opcode Fuzzy Hash: a64c3e91c1797361363d271f950b3a6314481a8f7aa39f8331a53c7c10f22ce2
              • Instruction Fuzzy Hash: 7C112B333111159FCF1EDB29CD91AAF7A96EFD5774B25452DD922CB2D1EA309802C390
              Function 011D66B0 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 90f49ccca3f78c183a703d7c145f0906c7480e00076a1df369f49fd6ab586093
              • Instruction ID: 6828490756576fdcee1abd0df31de9f74607dfbb92c132dae05c5b089d44a750
              • Opcode Fuzzy Hash: 90f49ccca3f78c183a703d7c145f0906c7480e00076a1df369f49fd6ab586093
              • Instruction Fuzzy Hash: 6D11CE76A01609DFCB2DCF9DD580E9ABBF9EF98650B06407AD9059B310E734DD00CBA0
              Function 0126A8E4 Relevance: .1, Instructions: 61COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
              • Instruction ID: f2394c3d23947fff3fbda6b043f909118fc9a1195d66fd77b05545965b901c0b
              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
              • Instruction Fuzzy Hash: CA110836610505AFDB19CB58CC01B9DF7F9EF84210F154269EC55A7380D671ED51CB80
              Function 0122E7E1 Relevance: .1, Instructions: 59COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
              • Instruction ID: 7c0ec6499eab5536a7bf5327704e58cceb59ac8bf8ddd93c9765986405a4f331
              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
              • Instruction Fuzzy Hash: B611E371620622FFE7219F48C840B5EBBA6EF41754F078428EA889B170D7B0DC40EB91
              Function 011C27ED Relevance: .1, Instructions: 58COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 947594e547eeab43d69be5e54d116aa71efd5683229d8be7555fa9be417e32f3
              • Instruction ID: 3caeb1bdce50f8700b006318a1bbf01ae53b636aea5df655fe8752d18409df66
              • Opcode Fuzzy Hash: 947594e547eeab43d69be5e54d116aa71efd5683229d8be7555fa9be417e32f3
              • Instruction Fuzzy Hash: BE012631255646ABE31FA66EDC84F6B7BCCEF91B54F460078FA008B281DB34DC00C2A1
              Function 011A4690 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6aa547d7e6a3c21e9c5db1abb268ff9b61142827ac2f3aa7e61811b0b71fe60e
              • Instruction ID: f00fe5e076a7b702086c9f848bce43e9b3b8e01f8393f905f511025bfd6c7254
              • Opcode Fuzzy Hash: 6aa547d7e6a3c21e9c5db1abb268ff9b61142827ac2f3aa7e61811b0b71fe60e
              • Instruction Fuzzy Hash: 1211A03A240B95AFDB2ACF9DD840B567FA5EB85764F494119F9048BA50C3B0E800CF60
              Function 01274B00 Relevance: .1, Instructions: 57COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4df110b4ee3f2daf70737701520ac0fad3780003f5a343e3c825275c47ff684d
              • Instruction ID: a02a8e8c70099971620cdc3688b10b73f7f6aac61e084f26b8e9e3bd21342159
              • Opcode Fuzzy Hash: 4df110b4ee3f2daf70737701520ac0fad3780003f5a343e3c825275c47ff684d
              • Instruction Fuzzy Hash: 151106326106529FD722AA6DD840F77B7A5FFC4710F155429EA4687250EB30AC02C790
              Function 011D6620 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9b6908970ef068d715b42efcc3463cc55a39c0cd24df96e041284b1309e4aa8c
              • Instruction ID: 1074d612c047f76d19c9f6c20fc584567068ce14852846ff80440d536e2b6e94
              • Opcode Fuzzy Hash: 9b6908970ef068d715b42efcc3463cc55a39c0cd24df96e041284b1309e4aa8c
              • Instruction Fuzzy Hash: B011A176A00715ABDB26DF9DC9C0B9EFBB9FF84754F500459DA01A7200D734AD01CBA0
              Function 011CEA2E Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 45b808ab6c580e414399020d62469db5cb855f68acfbf174c95c0d0e081615d4
              • Instruction ID: ac805cac5369c5922c828072d860a3c5de413a13691e64eab44847ccd58c64de
              • Opcode Fuzzy Hash: 45b808ab6c580e414399020d62469db5cb855f68acfbf174c95c0d0e081615d4
              • Instruction Fuzzy Hash: DE0192756011499FC72ADB1DE448F26BBF9EF95718F25816EE1058B260D770EC42CB90
              Function 011CE53E Relevance: .1, Instructions: 55COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
              • Instruction ID: 3e49b88c223abeb6e5fe8bcf4fb408b6ba902e2fbe8889901e1e8eaaa0ea0447
              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
              • Instruction Fuzzy Hash: BD11E9752A26C69BE73B9B1CCA84B653B94BB60B58F1A04A4DE4187683F338D841C251
              Function 0122E75D Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
              • Instruction ID: 7a4fcf505aba01f7b78116f8982f10dfb268094ef0a34c99a8f1e1371de517c3
              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
              • Instruction Fuzzy Hash: 1501D636610226BFFB295F58C801FAE7EA9EB40754F168424FA059B160D771DD40EB90
              Function 0119A250 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
              • Instruction ID: 7b9173f6f480a91687a23efe16b82b498ceb67bf251dc06bff8d18b624c13361
              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
              • Instruction Fuzzy Hash: 57014931804B219BCF398F59E840A327BF5FF5576070085ADFCA58B281D331D404CB60
              Function 01274940 Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 22e6c4a81c584360a0bf6c2f11cf758289e4af4b9a8d6bb49ffff79c3cb5f6db
              • Instruction ID: fcad7d7e75e010243fd8027011b01d7dcbcb1646e1eaf80468a5d29e5aba5c67
              • Opcode Fuzzy Hash: 22e6c4a81c584360a0bf6c2f11cf758289e4af4b9a8d6bb49ffff79c3cb5f6db
              • Instruction Fuzzy Hash: 9C012632561152EFC332EF1CD840E53B7A8EB81374B264216EA689B1D6E730E801CBD0
              Function 0121E1D0 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9d3986b0fff060b2af50547dc3651a058be16efd1b72707f589a9fb8218878b
              • Instruction ID: bca37656cc612ec165ffbd5a1fe6d349cded7700869b61388a828a7ef84b5c90
              • Opcode Fuzzy Hash: a9d3986b0fff060b2af50547dc3651a058be16efd1b72707f589a9fb8218878b
              • Instruction Fuzzy Hash: 5411E132251201EFCB1AEF09CC90F467BB8FF58B88F100065EE058B251C331ED01CA90
              Function 011A6259 Relevance: .1, Instructions: 51COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3608707cd5fd45e913d37e3d3bc41414f915d4b557acf59716cbaac7280bef34
              • Instruction ID: c0d30eb117917324d49859c4fe6fe5aeed388178348ae33053f61322c1c53cda
              • Opcode Fuzzy Hash: 3608707cd5fd45e913d37e3d3bc41414f915d4b557acf59716cbaac7280bef34
              • Instruction Fuzzy Hash: AB115A71941629ABEF29ABA4CC56FE9B6B8AB04714F5041D5A318A60E0DB709E81CF84
              Function 01226050 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9b7cfc58d240406319ce54d3ab98ff42a4af0be81c8aa9a4a1887afa2998711a
              • Instruction ID: 9a2018aa8f7073d48d16e2cbb6b6a33c17a5548e88636537b2f30d4e23eb9808
              • Opcode Fuzzy Hash: 9b7cfc58d240406319ce54d3ab98ff42a4af0be81c8aa9a4a1887afa2998711a
              • Instruction Fuzzy Hash: 32111773900019ABCB16DB94CC84DDFBBBDEF48258F044166E906A7211EA34AA15CBA0
              Function 011A208A Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
              • Instruction ID: 8c5eb8ee38fdfd833ed65e351c2a5f6f99edf1c14678602bb869df84fb6122a0
              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
              • Instruction Fuzzy Hash: 5201F5372001118BDF1D9A59D980BA67B67BFD4600F9645A9ED058F246DBB1C881C391
              Function 01236500 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 88b4e03646f2dc8e2e7e6f153f24e2eae2022d32fd84fe252f0693611b2fdbaf
              • Instruction ID: 058cf0f2863f56b530534f64257d36c5f67a726dc9b4f965f0a25317fb686588
              • Opcode Fuzzy Hash: 88b4e03646f2dc8e2e7e6f153f24e2eae2022d32fd84fe252f0693611b2fdbaf
              • Instruction Fuzzy Hash: A4110872610146AFC711CF18E400BA1F7B9FB96304F088169E944CB355D731ED41CBA0
              Function 0122C810 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d2aa35a38d7026883f65b8a28ea18d8bb1ff49909d91f10cf1c27a340ccdf4ea
              • Instruction ID: 4fda8afa7cca6d1bca171d5263a86ebf193cc8b95914291ac69da7ce60fb04c0
              • Opcode Fuzzy Hash: d2aa35a38d7026883f65b8a28ea18d8bb1ff49909d91f10cf1c27a340ccdf4ea
              • Instruction Fuzzy Hash: 6D114CB1A10209ABCB04DF99D585A9EBBF4FF58210F10806AE904E7340D274EA018BA4
              Function 0124EA60 Relevance: .0, Instructions: 50COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f3a724d569f160256b669d06a666d3fcc4e474b392f42ffa0258d93a6f38582
              • Instruction ID: 7a5acb53a67479e001ea3de8f48c0b0ca1ded40e229dfabe2fe46ada862adda6
              • Opcode Fuzzy Hash: 7f3a724d569f160256b669d06a666d3fcc4e474b392f42ffa0258d93a6f38582
              • Instruction Fuzzy Hash: 7F01FC311501229FDB3EAF29C484DBABBB9FF51654B06442EE2555B611CB34EC41CBE1
              Function 0119C020 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
              • Instruction ID: 5cb0954df4aeeedb84e212a4e2e442b51ea34b40c7f22f8399e9a1f2778f5524
              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
              • Instruction Fuzzy Hash: 7E0168321007459FEF2A96AAD804FBB77F9FFD5214F05881DE6968B550DB70E402C791
              Function 011E20F0 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5211f3221967e4a42d5cb38085ef19881c7ad0458ee1f4a05faf13d6e2438e7b
              • Instruction ID: 8a3e3a30f624e482da3b3c292dcf135256f2bc237c1da26f8acb3d2f82d41b32
              • Opcode Fuzzy Hash: 5211f3221967e4a42d5cb38085ef19881c7ad0458ee1f4a05faf13d6e2438e7b
              • Instruction Fuzzy Hash: C0116935A0164DABCB09EFA8C854EAE7BF9EB54644F004059EA019B290DB35EE11CB90
              Function 011DE5CF Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5697a8ae8e24278c7804bcbf3c613b2d8204e29893b824f17c569306c213532b
              • Instruction ID: ffb4c74030280897e6350511471b429f685b88f36df5e19235f5301ab7081d95
              • Opcode Fuzzy Hash: 5697a8ae8e24278c7804bcbf3c613b2d8204e29893b824f17c569306c213532b
              • Instruction Fuzzy Hash: 6201D471211906BBC719AB69CDC4E93BBECFB656A87000529F20987550DB34FC15C6A0
              Function 012369C0 Relevance: .0, Instructions: 49COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: be71a6c3180caf97e2f875c29a12704c4d0967aeb7cfb5e963bf76aeede88c46
              • Instruction ID: 2a8f3915e6741d96677e01491ba7c28175c8e8321552b837a213b9c4f16e5844
              • Opcode Fuzzy Hash: be71a6c3180caf97e2f875c29a12704c4d0967aeb7cfb5e963bf76aeede88c46
              • Instruction Fuzzy Hash: 5901F072234602ABC324DF6DD889967BBECFF94664F214519E95587180D7309A12C7D1
              Function 0122C460 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5cb15f215b1a0688da979189606551bbe1cdee05d6d3891973d619883533495c
              • Instruction ID: ea4085271737af19103722052bfd60effd8478e235947b4fa32bf6f62340fc40
              • Opcode Fuzzy Hash: 5cb15f215b1a0688da979189606551bbe1cdee05d6d3891973d619883533495c
              • Instruction Fuzzy Hash: 15115775A10219BBDB15EFA8D844EAEBBB5EB48254F004059F90197390DB34EA21CB90
              Function 0122C97C Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 28b16e256d209b04be6fa5320470d68b6a5ffe9b6ec5ee7955ac6771c50498bf
              • Instruction ID: 2a3016a2010acc69a5993b350ac953056c80a9b78ad97d8f4ceef0ff31b3cc18
              • Opcode Fuzzy Hash: 28b16e256d209b04be6fa5320470d68b6a5ffe9b6ec5ee7955ac6771c50498bf
              • Instruction Fuzzy Hash: 741179B1618309AFC704DF69D44699FBBE4EF98710F00495AFA98D7390E630E910CB92
              Function 0122CA11 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c223ee70b7b33070eb2891daf08731c7aaa751af41f099c147dee62807da1b41
              • Instruction ID: 17d5ba013072be429403859e19dcf5fcd1f6501ca4e69d07ed16cba82388b80d
              • Opcode Fuzzy Hash: c223ee70b7b33070eb2891daf08731c7aaa751af41f099c147dee62807da1b41
              • Instruction Fuzzy Hash: 231179B1618309AFC704DF69D44598FBBE4FF99750F00896AF958D73A0E630E910CB92
              Function 01274A80 Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
              • Instruction ID: cb52a9231a68e259f2c11482e7c687caad7ad04b486230d99a44f6bdacbd6480
              • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
              • Instruction Fuzzy Hash: AC01D8332106429FD725BA59D854F97B7EAFBC6610F044919E7428B650DAB0F850C794
              Function 011BE016 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
              • Instruction ID: a0fb3c9174db2f2249d358396de3eac49cfeaf713ceca1d2305e8450d51bb283
              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
              • Instruction Fuzzy Hash: 230184313055849FE32A971DC988FAA7BE8EF44754F0904A5FA05CB691D738DC40C622
              Function 0119826B Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f04a0ea973a03383bdc9cd947d5336aa6cc3e333de86cd8ccef902697cf2ea78
              • Instruction ID: b2474c30fef11f9fdd9fdbc6011ba3eb0a3df0b07e512e3a4842abd56ce8f9b0
              • Opcode Fuzzy Hash: f04a0ea973a03383bdc9cd947d5336aa6cc3e333de86cd8ccef902697cf2ea78
              • Instruction Fuzzy Hash: 26018F32610509ABDB1CEBA9E9049BEB7B9EF82610B1580A9DA01E7684DF20DD01C691
              Function 0124EB50 Relevance: .0, Instructions: 46COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: c903c18979c65dd30408273b546464b7b38d57a607a2746f6c8a1a0f505b3bc5
              • Instruction ID: a24b0557b3ad4a0a5a7585974366315b4fcb0b68027c7e8044d895ef01a90300
              • Opcode Fuzzy Hash: c903c18979c65dd30408273b546464b7b38d57a607a2746f6c8a1a0f505b3bc5
              • Instruction Fuzzy Hash: 3F01DF71290601AFE3399B19D841F86BAA8BF54B54F01082EE3068B390D7B4A8418B64
              Function 011A2582 Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e09fcaad02faccb87490f873b1e835728301bda769b308fe489a8f132c095f9b
              • Instruction ID: 3171c63a8dd48fb37206784e825ca69e836198d8d84698fe54941bd96876b650
              • Opcode Fuzzy Hash: e09fcaad02faccb87490f873b1e835728301bda769b308fe489a8f132c095f9b
              • Instruction Fuzzy Hash: 73F0F932641611B7C73ADB56CC40F97BEAAEB84A90F014029E60597640D730ED01C6A0
              Function 011CC073 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
              • Instruction ID: 5ec790f8c2c5ff8b49c9b12adcdba9b5a16a2228b9df8f38ec370c4412e13b30
              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
              • Instruction Fuzzy Hash: DAF0C2B2600A15ABD328CF4DDC40F57FBEEDBD1A84F048128E509C7220EA31ED04CB90
              Function 0119C310 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
              • Instruction ID: 45c542734dd680e3dee896d0ea29b3015a29f4bc825826dd3e27e35f4eb0357a
              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
              • Instruction Fuzzy Hash: DFF0FC332086739BDF3E16594840B6BA9958FE5E64F1A0035E26D9B244CB648F0256D1
              Function 0127634F Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 70c347ea48af29b665cf7852db6a37de10cab7d778d2f24d69564cd32a51e854
              • Instruction ID: 05b5201051c2ba60c6b2cec1b42b31fba635754853c5642f45f14af5997f1433
              • Opcode Fuzzy Hash: 70c347ea48af29b665cf7852db6a37de10cab7d778d2f24d69564cd32a51e854
              • Instruction Fuzzy Hash: 07018F71A2060AEFDB04DFA9E445AAEBBF8FF58704F10406AF910E7350D7749A00CBA4
              Function 0127625D Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fac82540c66fbe8f86e4bef132564d2faf0c384f2c986444d459dfca95c97fce
              • Instruction ID: bdfb98ec9e4d689aa4a8a5be5527f83edce5de38ae70d368695fc74de0c35351
              • Opcode Fuzzy Hash: fac82540c66fbe8f86e4bef132564d2faf0c384f2c986444d459dfca95c97fce
              • Instruction Fuzzy Hash: 58018F71A1060AEFDB04DFA9E485AAEB7F8FF58304F10406AF914E7350D774AA00CBA4
              Function 012762D6 Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f368b7d090c5ba6bfad5be7416efa7609727050c67d466805afb3d5ff297ae74
              • Instruction ID: 083dd1841e487146ca9d179876766a51a809d42f9afc0fd05f0b260e897e08e0
              • Opcode Fuzzy Hash: f368b7d090c5ba6bfad5be7416efa7609727050c67d466805afb3d5ff297ae74
              • Instruction Fuzzy Hash: AA017171A10609AFDB04DFA9E44599EBBF8EF58704F50405AE910E7350D7749A00CBA0
              Function 011DCA6F Relevance: .0, Instructions: 42COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
              • Instruction ID: 7fcf40ee645f8e91f332b5fa8d5211def28aa7cab7e07b1ad1d3d8be4eabc795
              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
              • Instruction Fuzzy Hash: 7E01F9316506859BD32ADB1DC845F99BBD8FF51754F094469FB048B691EB78C800C252
              Function 012761E5 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9bb79c14cc279f0be69b04ebd43791fb62024522cca4e87e0da36dac4373455c
              • Instruction ID: 71f9c024cb709899b8e83aafb94307c76786ffda65bdb2c2a9a67a90d48d75eb
              • Opcode Fuzzy Hash: 9bb79c14cc279f0be69b04ebd43791fb62024522cca4e87e0da36dac4373455c
              • Instruction Fuzzy Hash: 38014F71A10649ABDB04DFA9E845AEEBBF8BF58714F14405AE501E7280D774EA01CB94
              Function 012263C0 Relevance: .0, Instructions: 41COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
              • Instruction ID: bd4888de5a85905c1b29dec7811f2beee19fd7da5d5149e426d5c7276f8eb924
              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
              • Instruction Fuzzy Hash: FBF0F97221001DBFEF019F94DD80DEF7B7EEB59698B104125FA11A2160D635DE21EBA0
              Function 0122A4B0 Relevance: .0, Instructions: 40COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8537196108c87a9fa2f8cfbaf27823c76662b0fb3a4b7c80152b6b9830ea8aa
              • Instruction ID: 0920e13bba6376ac8cabdebdacd38f85ada6bb0d1c46b6bfd10c72a6034f0ee8
              • Opcode Fuzzy Hash: d8537196108c87a9fa2f8cfbaf27823c76662b0fb3a4b7c80152b6b9830ea8aa
              • Instruction Fuzzy Hash: 38019A36510119ABCF129F84EC44EDE7F66FB4C764F058105FE1866620C376D970EB81
              Function 0119C0F0 Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: da5796353fd8b2cc132d0295b909633a5de9baf0cb458654926ee3d292cb417d
              • Instruction ID: 4c92cbb6a5493be10e36844ae55a93952490bf9779e3eb86499b9bfc0a375d0d
              • Opcode Fuzzy Hash: da5796353fd8b2cc132d0295b909633a5de9baf0cb458654926ee3d292cb417d
              • Instruction Fuzzy Hash: D6F024B22042419BFB1C96198D01B3236AAF7D0650F66803AEB558B3C1EB70DC0183D9
              Function 011D656A Relevance: .0, Instructions: 39COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: abcde1e9e0bb7b8b25db1e462c7ad0391ec8bfc97a8d8e0f4d65ac4df0f67767
              • Instruction ID: b79fa18b9a7d750f4a287223f28645ad9e51fc659feec9318cb92a3a55902387
              • Opcode Fuzzy Hash: abcde1e9e0bb7b8b25db1e462c7ad0391ec8bfc97a8d8e0f4d65ac4df0f67767
              • Instruction Fuzzy Hash: 0601A470610AC29BE72AEB6CCD48B6937E8BB50B44F980590FA05CB6DAD76CD441C210
              Function 0124437C Relevance: .0, Instructions: 37COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
              • Instruction ID: 873e7463024356f7db64e6570887535b7fe360a0c31e55ce74534a8887348a27
              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
              • Instruction Fuzzy Hash: 57F0E93336199347E77EBB2D8410B2AAE96AF90D00B25052CA742CB640DF60DD408780
              Function 0122E872 Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
              • Instruction ID: b09f7077bc02788eddbc58f3a0319f2630d062c03d2ec119b84ec8e582ce0bca
              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
              • Instruction Fuzzy Hash: 36F05433731522ABD3259A4ECC80F5AB768AFD5A60F5A0065E7549B274C7A0EC0297D1
              Function 0122C89D Relevance: .0, Instructions: 36COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 55fd4afefd8625b144c588d870ff5bff0e3728aace9f30d132c1ef73c126911a
              • Instruction ID: 2ac991cc0dafb852658dba777b8985486636ddd4e548ff87aa0ebaa7ba8ab2b0
              • Opcode Fuzzy Hash: 55fd4afefd8625b144c588d870ff5bff0e3728aace9f30d132c1ef73c126911a
              • Instruction Fuzzy Hash: FCF0AF70625704AFC314EF68C846A1EBBE4FF98714F40865AB898DB390E634EA10C796
              Function 011D0854 Relevance: .0, Instructions: 35COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
              • Instruction ID: e56893a78887f2139e53e2ab6a1cad0c1b6a59a25dff96d8a31ce19c1026e53c
              • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
              • Instruction Fuzzy Hash: 93F0B472A10204AFE719DB25CD05F97B6E9EF9C344F158078A545D7160FBB0ED41C754
              Function 0122C912 Relevance: .0, Instructions: 34COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 31e7bb03d9b9eec8fb54c40cda2542160442a77580d8e912fd985a7f3c7db843
              • Instruction ID: 8ac5b1ed8b80b90ec214cc25c1cce0e351c280368892c5e8e522bfb2cfdaf03d
              • Opcode Fuzzy Hash: 31e7bb03d9b9eec8fb54c40cda2542160442a77580d8e912fd985a7f3c7db843
              • Instruction Fuzzy Hash: 41F0AF70A10209AFCB04EFA9D555AAEB7F4EF18304F008055E915EB385DA34EA01CB50
              Function 011A47FB Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2fa87b364d78e22c2a4642971edefd817ed2d1a110477c5026488e2d96ef3c3a
              • Instruction ID: d26c028cd7022b1b4d3df033b372cf5342cc63de22ece26642032502877b5f8c
              • Opcode Fuzzy Hash: 2fa87b364d78e22c2a4642971edefd817ed2d1a110477c5026488e2d96ef3c3a
              • Instruction Fuzzy Hash: 9BF024399122E09FE73ACBECE044B217FD49B00630F8D886AC54983D22C3A0E880C641
              Function 01260115 Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0e4d74f6ea6480712f15f8e7a3d4893781d1381483be72e96b37837ffc6767d8
              • Instruction ID: b3499159b9e7b58b47c526c67ee0cb3920f875c11bb7ab1329ad2197bcafab24
              • Opcode Fuzzy Hash: 0e4d74f6ea6480712f15f8e7a3d4893781d1381483be72e96b37837ffc6767d8
              • Instruction Fuzzy Hash: B9F05C274367C68ADF325B3C74943E17F98A741014F1910C5E9A157249C57494C3D328
              Function 011DC5ED Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 44a8be89799277fbca00636da681b398445f55bb93c9de0779d559e942397dc8
              • Instruction ID: 16d87de1974976cafe59f0d6b07725050b3e0f23415d5871cf0ea6ec90194cff
              • Opcode Fuzzy Hash: 44a8be89799277fbca00636da681b398445f55bb93c9de0779d559e942397dc8
              • Instruction Fuzzy Hash: C8F0E2715216919FE32E972CC148B61BBE49B417A4F1D9D2DE50687712C360E880CAD1
              Function 011E2619 Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
              • Instruction ID: 779f300876d84fcdc6aeff75d1108ce3ee497bdb554af0fca6f3481119ec1140
              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
              • Instruction Fuzzy Hash: 3DE0D872340A012BE7269F99CCD4F477BAEDFD6B14F040479B9045F252CBE2DD0986A4
              Function 01236030 Relevance: .0, Instructions: 29COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
              • Instruction ID: 591d4eda385bad5ef772d39670dace6bd4aec4cfd601a92432166883ccc1d848
              • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
              • Instruction Fuzzy Hash: 9EF030B2124204AFE3218F09D985F52F7FDFB45364F45C025E6099B561D37AED40CBA4
              Function 011A0710 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
              • Instruction ID: 871f3c54677bb85ca36199ed0748bcda8fc82dbedceeee9d5e034a8a8556b76e
              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
              • Instruction Fuzzy Hash: 1DF0E5392057459BDB1ECF59C040AE57FA4FB45360B010058FD828B311D731E982CB52
              Function 011D49D0 Relevance: .0, Instructions: 28COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
              • Instruction ID: b385afa407a442c0c2723c479536afbb81fb8e600724b4ef632201738e7a4fe2
              • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
              • Instruction Fuzzy Hash: C9E0D832244155ABD7395A59C800B6677A6DBD07A0F160429E2428BD54DB70DC40C7DA
              Function 01274164 Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 44a2050224dea9a091c0a8e2a06ffb2bd38a642ad79c7b9054b851b15864ea4c
              • Instruction ID: bd30295a1cdee6a7144ea5545b522ae2d5b7a078df509959ff0bdfe8f3f6f7d5
              • Opcode Fuzzy Hash: 44a2050224dea9a091c0a8e2a06ffb2bd38a642ad79c7b9054b851b15864ea4c
              • Instruction Fuzzy Hash: 2FF0E531A355D24FE772F72CF280B5377E0AB10630F0A0554D50087912C330DC40C650
              Function 0124678E Relevance: .0, Instructions: 27COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
              • Instruction ID: c0ee2a4717a231da8ed93b3709807d12888a305ef82410f6a733c0f00ee45bae
              • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
              • Instruction Fuzzy Hash: 62E0D832640210BBEB2997598D01F9ABEADDB50E94F150054B600D7094D630DE00C690
              Function 012708C0 Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
              • Instruction ID: 4014adbd56b54c145622310901c67d778902e5a40f371d1ad239355948cb6844
              • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
              • Instruction Fuzzy Hash: E9E09B316503518BCB258A1DC141A63B7E8DF97760F15806DEE0547612C271F856C6D4
              Function 011A25E0 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 936abbf66b33a65cf7eb4edfbc2102202ca574b0c5a93621104b5c7b8f7193b9
              • Instruction ID: 76ca31e020ceb4db01c173a4e301741ef81975cc7fa2b3743d6ebfadee577652
              • Opcode Fuzzy Hash: 936abbf66b33a65cf7eb4edfbc2102202ca574b0c5a93621104b5c7b8f7193b9
              • Instruction Fuzzy Hash: 59E0D8321009549BC725FF69DD05F8B7BDAEF64368F014515F11957590CB74AC10C7C4
              Function 0125A456 Relevance: .0, Instructions: 23COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
              • Instruction ID: 48c38ea3d9719f1141f47f364a2939d5a5a9a143f28a23d1fdfe5c62aa46b7cb
              • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
              • Instruction Fuzzy Hash: 48E09231020A52DFE77A6F6AC888B527EE0FF50715F148D2DE196124B0C7B598D1CA40
              Function 01224000 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
              • Instruction ID: 7416aec93ec998349377bf3b2874bb97a7ff6af446ee956a61f3444db0b52e3f
              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
              • Instruction Fuzzy Hash: 1EE0C2343103569FE719DF1AC040B667BB6BFD5A10F28C068EA488F205EB36E982CB40
              Function 011DCA38 Relevance: .0, Instructions: 22COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b9a934755ba25c5803f6a18690a260854be1b2f0847ae0b79f0d335e19105cc
              • Instruction ID: 13b4a8ffa19a2233c9dd4e79bbc4172e058dff8b14ce3d1d8b9afbfd127879f0
              • Opcode Fuzzy Hash: 4b9a934755ba25c5803f6a18690a260854be1b2f0847ae0b79f0d335e19105cc
              • Instruction Fuzzy Hash: 49D02B324D10306ACB7EE218BC44FD33A5A9B64620F024C69F10892010E714DC81D6C4
              Function 0119823B Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
              • Instruction ID: 186775983f7034e9df1de355c4df60a4d409cacbdc06691c587069725b1eaf06
              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
              • Instruction Fuzzy Hash: 7AE0C232444A18EFDF3E2F69DC14F5176F5FF55F14F21486AE091060A487B4AC82CB45
              Function 011A2050 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 22d213be1995998829f1898756877c6f0cdee4a82c97f43eef486adc9414ebdd
              • Instruction ID: a6933ab9c383bdbcdc777dae34f8f698886c63714e58b2eeac591eaf60770a5e
              • Opcode Fuzzy Hash: 22d213be1995998829f1898756877c6f0cdee4a82c97f43eef486adc9414ebdd
              • Instruction Fuzzy Hash: 8AE08C321004506BC215FA5DED40E8A779AEBA5264F440121F15487694CB74AC11C794
              Function 011D8A90 Relevance: .0, Instructions: 20COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
              • Instruction ID: b4dd8f87134511f8036f8f3d7d1461ca69eb543adaf2b13c81ed1f0d214dd925
              • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
              • Instruction Fuzzy Hash: DBE08633111A1487C72CDE18D511B7277A4EF45720F09463EE61347780C634F544C795
              Function 011DE59C Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
              • Instruction ID: e2b2e6075d3619cb0e1932a7a3067f50f0a4ef949ab5cd52ab2a68a1b89ef19b
              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
              • Instruction Fuzzy Hash: 8BD0A932224620ABDB72AA1CFC00FC333E8BB98B24F06045AF018C7054C360AC82CA84
              Function 0121E908 Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
              • Instruction ID: 33c3c8071b1bf5650573afa578b57071f8791511bd440435e72472a7eb0399c7
              • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
              • Instruction Fuzzy Hash: 88E08C359206819BCF17DF99CA40F4ABBF5BB90B00F190044E5085B224C334A800CB40
              Function 0119A0E3 Relevance: .0, Instructions: 15COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
              • Instruction ID: d415f3e0840b2bfecca1ee53f3f470e43c1cdac106851a6d74944c26a4754fd2
              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
              • Instruction Fuzzy Hash: EFD0223232203093CF2C56957800FA36909EF81A94F0A002D741A93800C2148C43C2E0
              Function 011DA830 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
              • Instruction ID: 2215f4073f4eaf0c304f41da2140ec3e9592ef2ad91c72f568595e0c0b4f307d
              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
              • Instruction Fuzzy Hash: 61D022370E010CBBCB119FA2CC01F903BA8E760BA0F004020F504870A0C63AE860C580
              Function 011DCA24 Relevance: .0, Instructions: 14COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a9cd06b5136aaea38b42ba06496b397c38701effe79566338b148e37d8b3d86f
              • Instruction ID: 6a16eb5633c411da0f649652bd8cd233550ab131b123271ad6991d7e97a545b6
              • Opcode Fuzzy Hash: a9cd06b5136aaea38b42ba06496b397c38701effe79566338b148e37d8b3d86f
              • Instruction Fuzzy Hash: 67D0A9306A1002CFDF2ECF88CA90E7E3AF0FB30640B40006CE700A2428E328FC02CA80
              Function 011B02A0 Relevance: .0, Instructions: 13COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
              • Instruction ID: f3d36b1941d0283d60d78174b74be604e97dce3f1180083d34cf692098417e47
              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
              • Instruction Fuzzy Hash: 53D0C935222E80CFD71BCB0CC5A4B5633B4BB48B44F8144D0F501CBB62D76CD984CA00
              Function 011DC700 Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
              • Instruction ID: 952346be73e4e5826205b98dab789a5e75c1859fb2631e7303dc0368a1832ca4
              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
              • Instruction Fuzzy Hash: 71C012322A0648AFC716AA99CD41F427BA9EBA8B40F000022F2048B670C631E821EA84
              Function 011C0310 Relevance: .0, Instructions: 11COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
              • Instruction ID: 74a1d415ef1bd7943b137273ff97da689999080981b6c8aac42a37e4205048bb
              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
              • Instruction Fuzzy Hash: B2D01236100248EFCB05DF41C890D9A772AFBD8F10F109019FD19077108A31ED63DA50
              Function 011A0750 Relevance: .0, Instructions: 9COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
              • Instruction ID: 9eb856c8be26e99e2fafe2d9786fb043d6547eff428a2bf1c442a1f55a593680
              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
              • Instruction Fuzzy Hash: A0C04879712A428FCF1ADF2AD6D4F8977E4FB44754F160890E909CBB22E724E811CA10
              Function 011E2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
              • API String ID: 48624451-2108815105
              • Opcode ID: def4202602b1acee81080f0b760c011acb8805770da7124a3572bd59ae0df238
              • Instruction ID: 1d9eb0c0cc8fde56147b142742b253ed1895fd0c7eeebc46e2bf7f0b340977fe
              • Opcode Fuzzy Hash: def4202602b1acee81080f0b760c011acb8805770da7124a3572bd59ae0df238
              • Instruction Fuzzy Hash: 265106B6A04556BFCB29DBAC88A497EFBFCBB582407148129F565D3642E374DE00C7A0
              Function 01252410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
              • API String ID: 48624451-2108815105
              • Opcode ID: d837c42102a10df4efa33d92a2b9f778653712050e57f724a271df3e04ebd5ce
              • Instruction ID: 0554a2b3c0cdd5e028e410d7a83775387c2b36aa5f31b51248965fde05a8310d
              • Opcode Fuzzy Hash: d837c42102a10df4efa33d92a2b9f778653712050e57f724a271df3e04ebd5ce
              • Instruction Fuzzy Hash: 11510875A10646EECF78DF6CC8D097FBBF9EB44204B048459EAA6D7682D7B4DA008760
              Function 011D7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
              Download Yara Rule
              Strings
              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01214742
              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01214655
              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 012146FC
              • Execute=1, xrefs: 01214713
              • CLIENT(ntdll): Processing section info %ws..., xrefs: 01214787
              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01214725
              • ExecuteOptions, xrefs: 012146A0
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
              • API String ID: 0-484625025
              • Opcode ID: 820798f559021f54047e1240830bc9c63ea58c9c38393cc028d27385d7bf7bca
              • Instruction ID: eff885abb795704ec3862f937e3a431aec985fdb69222bc4215c45f6a6fd9637
              • Opcode Fuzzy Hash: 820798f559021f54047e1240830bc9c63ea58c9c38393cc028d27385d7bf7bca
              • Instruction Fuzzy Hash: 38514C31A0021A7AEF29EBA8EC89FFE77F8EF14708F040599D605A71C1E7709A418F50
              Function 01276940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
              • Instruction ID: 06ac9a9d2283036915908bd4e3d1c8ef8ddd4cb12f47608ae9f082a0cfebde30
              • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
              • Instruction Fuzzy Hash: E7024571518742AFE309CF18C494E6BBBE5EFD8704F44892DFA899B260DB31E905CB52
              Function 011EB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-$0$0
              • API String ID: 1302938615-699404926
              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
              • Instruction ID: 3850db725296d21684265c96447fa09c44c78f1ec168be2b39dfd5bd74169e1f
              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
              • Instruction Fuzzy Hash: 2481E370E49A498EEF2D8EECC459BFEBBF1AF45310F18411AD851A76D1C7308840CB59
              Function 012520E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: %%%u$[$]:%u
              • API String ID: 48624451-2819853543
              • Opcode ID: 254ebcee32aa0dbaff9afbf4b93c76fe24c1831440e2a0bed6c138f566af83fa
              • Instruction ID: 457a6fab847642a9882eef2b26aa91aaa8337bf381d281d1ffcb39c2d895261c
              • Opcode Fuzzy Hash: 254ebcee32aa0dbaff9afbf4b93c76fe24c1831440e2a0bed6c138f566af83fa
              • Instruction Fuzzy Hash: 6D21837AA1011AEBDB14DFB9DC84ABFBBE8AF54644F04411AEE15E3241E730D9018BA0
              Function 011CF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
              Download Yara Rule
              Strings
              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 012102BD
              • RTL: Re-Waiting, xrefs: 0121031E
              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 012102E7
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
              • API String ID: 0-2474120054
              • Opcode ID: aeb1e24b932acacd6d02ca8fc1e17fae2329434d43625f188667729c56b1f24f
              • Instruction ID: c12e12831146314cfad4fd2c6bce431088c7df0fb45c07790594d40950751fe1
              • Opcode Fuzzy Hash: aeb1e24b932acacd6d02ca8fc1e17fae2329434d43625f188667729c56b1f24f
              • Instruction Fuzzy Hash: E1E1CF306147429FD729CF28C884B6ABBE1BBA4B14F140A2DF6A5CB2D1D774D946CB42
              Function 011DBED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
              Download Yara Rule
              Strings
              • RTL: Re-Waiting, xrefs: 01217BAC
              • RTL: Resource at %p, xrefs: 01217B8E
              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01217B7F
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 0-871070163
              • Opcode ID: e8a8586dd81fc1e1a8274f2faeae93d3479d3e2719b8f652122eb9dde7fb767e
              • Instruction ID: 2a90bfaeba65498f1064431fa07bce6f8a05e1dae3194fee0a772c4f2df00c18
              • Opcode Fuzzy Hash: e8a8586dd81fc1e1a8274f2faeae93d3479d3e2719b8f652122eb9dde7fb767e
              • Instruction Fuzzy Hash: 8B41E3313047039FDB28DE29C840B6AB7E5EF9A710F110A2DFA5AD7680DB31E505CB96
              Function 011DB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
              Download Yara Rule
              APIs
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0121728C
              Strings
              • RTL: Re-Waiting, xrefs: 012172C1
              • RTL: Resource at %p, xrefs: 012172A3
              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01217294
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 885266447-605551621
              • Opcode ID: 8f5011073c13d7384c1f5defa73d98b6211daef68685a7e6a00809854354f88a
              • Instruction ID: cf2a398d047ef6cc06a0c8df2bb6f183d0f43d9d40cc4fd0982ef8f79699acec
              • Opcode Fuzzy Hash: 8f5011073c13d7384c1f5defa73d98b6211daef68685a7e6a00809854354f88a
              • Instruction Fuzzy Hash: DE411231714603ABC724DE29CC41BAAB7E5FBA5710F210619FA569B240DB31E8028BD5
              Function 01252300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: %%%u$]:%u
              • API String ID: 48624451-3050659472
              • Opcode ID: 6b2d76b75f5168d3551ed2bed41708155dee48d11f078e8d8be5d397fa1d3efe
              • Instruction ID: 3c50d6e072951bc90175bb66d17d311f61d95d5d22b699f7989b943ff8de4a86
              • Opcode Fuzzy Hash: 6b2d76b75f5168d3551ed2bed41708155dee48d11f078e8d8be5d397fa1d3efe
              • Instruction Fuzzy Hash: 80319A72A10119EFDB64DF2DDC80BEE77F8EF54610F440559ED49E3141EB309A488B60
              Function 011E7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-
              • API String ID: 1302938615-2137968064
              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
              • Instruction ID: 649128a9332493d380c5c3257d7a8f759753e6c9537132f3fa2544121e5fdda1
              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
              • Instruction Fuzzy Hash: 3891A471E00A169AFB2CDFEDC8986BEBBE5FF44720F14451AE965E72C0D73089418792
              Function 011A9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000004.00000002.2324721299.0000000001170000.00000040.00001000.00020000.00000000.sdmp, Offset: 01170000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_4_2_1170000_SecuriteInfo.jbxd
              Similarity
              • API ID:
              • String ID: $$@
              • API String ID: 0-1194432280
              • Opcode ID: ef610bd8e827249d9f79633f4ac32020e9aad294c294ab736ecfb449e342d40d
              • Instruction ID: 0b380e452ea2964359e6ecbce5fc3db6ff62986d4630ebacfcc0b364d0be2f9e
              • Opcode Fuzzy Hash: ef610bd8e827249d9f79633f4ac32020e9aad294c294ab736ecfb449e342d40d
              • Instruction Fuzzy Hash: 1E812C75D10269DBDB36DB54CC45BEEBBB8AB08714F0041EAEA19B7281D7705E84CFA0