Windows Analysis Report
SPA-198-2024.exe

Overview

General Information

Sample name: SPA-198-2024.exe
Analysis ID: 1544859
MD5: 018636d5cf9775c57e733e0f8f8de8a1
SHA1: ea30ceaf5fd685557e735c704953e367c11914cc
SHA256: 04dab42e8f694a3fac6b3ea2532462e89e9118c928545710a872d34874376a49
Tags: exe, user-threatcat_ch

Detection

FormBook
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • SPA-198-2024.exe (PID: 6228 cmdline: "C:\Users\user\Desktop\SPA-198-2024.exe" MD5: 018636D5CF9775C57E733E0F8F8DE8A1)
    • SPA-198-2024.exe (PID: 1776 cmdline: "C:\Users\user\Desktop\SPA-198-2024.exe" MD5: 018636D5CF9775C57E733E0F8F8DE8A1)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2284492644.0000000001D90000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Process Memory Space: SPA-198-2024.exe PID: 6228 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
3.2.SPA-198-2024.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.SPA-198-2024.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

            AV Detection

            Source: SPA-198-2024.exeReversingLabs: Detection: 57%
            Source: Yara matchFile source: 3.2.SPA-198-2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.SPA-198-2024.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.2284492644.0000000001D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: SPA-198-2024.exeJoe Sandbox ML: detected
            Source: SPA-198-2024.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: SPA-198-2024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: oybO.pdb source: SPA-198-2024.exe
            Source: Binary string: wntdll.pdbUGP source: SPA-198-2024.exe, 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: SPA-198-2024.exe, SPA-198-2024.exe, 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: oybO.pdbSHA256s source: SPA-198-2024.exe
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 4x nop then jmp 027B4500h0_2_027B3B4F
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 4x nop then jmp 027B4500h0_2_027B3F00

            E-Banking Fraud

            Source: Yara matchFile source: 3.2.SPA-198-2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.SPA-198-2024.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.2284492644.0000000001D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_0042C433 NtClose,3_2_0042C433
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_0040A9E3 NtAllocateVirtualMemory,3_2_0040A9E3
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB35C0 NtCreateMutant,LdrInitializeThunk,3_2_01AB35C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01AB2DF0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01AB2C70
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB3090 NtSetValueKey,3_2_01AB3090
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB3010 NtOpenDirectoryObject,3_2_01AB3010
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB4340 NtSetContextThread,3_2_01AB4340
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB4650 NtSuspendThread,3_2_01AB4650
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB39B0 NtGetContextThread,3_2_01AB39B0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2BA0 NtEnumerateValueKey,3_2_01AB2BA0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2B80 NtQueryInformationFile,3_2_01AB2B80
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2BE0 NtQueryValueKey,3_2_01AB2BE0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2BF0 NtAllocateVirtualMemory,3_2_01AB2BF0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2B60 NtClose,3_2_01AB2B60
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2AB0 NtWaitForSingleObject,3_2_01AB2AB0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2AF0 NtWriteFile,3_2_01AB2AF0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2AD0 NtReadFile,3_2_01AB2AD0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2DB0 NtEnumerateKey,3_2_01AB2DB0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2DD0 NtDelayExecution,3_2_01AB2DD0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2D30 NtUnmapViewOfSection,3_2_01AB2D30
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2D00 NtSetInformationFile,3_2_01AB2D00
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2D10 NtMapViewOfSection,3_2_01AB2D10
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB3D10 NtOpenProcessToken,3_2_01AB3D10
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB3D70 NtOpenThread,3_2_01AB3D70
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2CA0 NtQueryInformationToken,3_2_01AB2CA0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2CF0 NtOpenProcess,3_2_01AB2CF0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2CC0 NtQueryVirtualMemory,3_2_01AB2CC0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2C00 NtQueryInformationProcess,3_2_01AB2C00
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2C60 NtCreateKey,3_2_01AB2C60
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2FA0 NtQuerySection,3_2_01AB2FA0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2FB0 NtResumeThread,3_2_01AB2FB0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2F90 NtProtectVirtualMemory,3_2_01AB2F90
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2FE0 NtCreateFile,3_2_01AB2FE0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2F30 NtCreateSection,3_2_01AB2F30
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2F60 NtCreateProcessEx,3_2_01AB2F60
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2EA0 NtAdjustPrivilegesToken,3_2_01AB2EA0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2E80 NtReadVirtualMemory,3_2_01AB2E80
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2EE0 NtQueueApcThread,3_2_01AB2EE0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB2E30 NtWriteVirtualMemory,3_2_01AB2E30
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: String function: 01AEEA12 appears 86 times
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: String function: 01AB5130 appears 36 times
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: String function: 01A6B970 appears 268 times
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: String function: 01AFF290 appears 105 times
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: String function: 01AC7E54 appears 96 times
            Source: SPA-198-2024.exe, 00000000.00000002.2181939617.000000000B2C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs SPA-198-2024.exe
            Source: SPA-198-2024.exe, 00000000.00000000.2139402540.000000000051C000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameoybO.exe( vs SPA-198-2024.exe
            Source: SPA-198-2024.exe, 00000000.00000002.2174558261.0000000000C4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SPA-198-2024.exe
            Source: SPA-198-2024.exe, 00000003.00000002.2283692332.0000000001B6D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SPA-198-2024.exe
            Source: SPA-198-2024.exeBinary or memory string: OriginalFilenameoybO.exe( vs SPA-198-2024.exe
            Source: SPA-198-2024.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: SPA-198-2024.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, mGaZqb0uhBVCNQDgWe.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.SPA-198-2024.exe.44c1f48.1.raw.unpack, adeKN0qSDhwrLpRHG8.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.SPA-198-2024.exe.44c1f48.1.raw.unpack, adeKN0qSDhwrLpRHG8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.SPA-198-2024.exe.44c1f48.1.raw.unpack, adeKN0qSDhwrLpRHG8.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.SPA-198-2024.exe.443a128.0.raw.unpack, mGaZqb0uhBVCNQDgWe.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.SPA-198-2024.exe.443a128.0.raw.unpack, adeKN0qSDhwrLpRHG8.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.SPA-198-2024.exe.443a128.0.raw.unpack, adeKN0qSDhwrLpRHG8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.SPA-198-2024.exe.443a128.0.raw.unpack, adeKN0qSDhwrLpRHG8.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, adeKN0qSDhwrLpRHG8.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, adeKN0qSDhwrLpRHG8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, adeKN0qSDhwrLpRHG8.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.SPA-198-2024.exe.44c1f48.1.raw.unpack, mGaZqb0uhBVCNQDgWe.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engineClassification label: mal80.troj.evad.winEXE@3/1@0/0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SPA-198-2024.exe.log
            Source: C:\Users\user\Desktop\SPA-198-2024.exeMutant created: NULL
            Source: SPA-198-2024.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: SPA-198-2024.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\SPA-198-2024.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: SPA-198-2024.exeReversingLabs: Detection: 57%
            Source: unknownProcess created: C:\Users\user\Desktop\SPA-198-2024.exe "C:\Users\user\Desktop\SPA-198-2024.exe"
            Source: C:\Users\user\Desktop\SPA-198-2024.exeProcess created: C:\Users\user\Desktop\SPA-198-2024.exe "C:\Users\user\Desktop\SPA-198-2024.exe"
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: mscoree.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: apphelp.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: wldp.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: profapi.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: dwrite.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: textshaping.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: amsi.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: userenv.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: msasn1.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeSection loaded: gpapi.dll
            Source: C:\Users\user\Desktop\SPA-198-2024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\SPA-198-2024.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: SPA-198-2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: SPA-198-2024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: SPA-198-2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: oybO.pdb source: SPA-198-2024.exe
            Source: Binary string: wntdll.pdbUGP source: SPA-198-2024.exe, 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: SPA-198-2024.exe, SPA-198-2024.exe, 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: oybO.pdbSHA256s source: SPA-198-2024.exe

            Data Obfuscation

            Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, adeKN0qSDhwrLpRHG8.cs.Net Code: bxV3LGxu8r System.Reflection.Assembly.Load(byte[])
            Source: 0.2.SPA-198-2024.exe.443a128.0.raw.unpack, adeKN0qSDhwrLpRHG8.cs.Net Code: bxV3LGxu8r System.Reflection.Assembly.Load(byte[])
            Source: 0.2.SPA-198-2024.exe.54b0000.3.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.SPA-198-2024.exe.44c1f48.1.raw.unpack, adeKN0qSDhwrLpRHG8.cs.Net Code: bxV3LGxu8r System.Reflection.Assembly.Load(byte[])
            Source: 0.2.SPA-198-2024.exe.3990b90.2.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_00406155 push ss; retf 3_2_00406160
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_00403270 push eax; ret 3_2_00403272
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_0040227F pushad ; retf 3_2_00402280
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_0040BB30 push eax; ret 3_2_0040BB31
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_0041F3C9 push ss; retf 3_2_0041F3CB
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_00404DCD push ebx; iretd 3_2_00404DD8
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_004066BD push edx; iretd 3_2_004066BF
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_00413F7E pushad ; retf 3_2_00414025
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_00413FC5 pushad ; retf 3_2_00414025
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A709AD push ecx; mov dword ptr [esp], ecx3_2_01A709B6
            Source: SPA-198-2024.exeStatic PE information: section name: .text entropy: 7.916051940850805
            Source: 0.2.SPA-198-2024.exe.b2c0000.4.raw.unpack, 0.2.SPA-198-2024.exe.443a128.0.raw.unpack, 0.2.SPA-198-2024.exe.44c1f48.1.raw.unpack: High entropy of concatenated method names
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match, File source: Process Memory Space: SPA-198-2024.exe PID: 6228, type: MEMORYSTR
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Memory allocated: EA0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Memory allocated: 2970000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Memory allocated: 27A0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Memory allocated: 88F0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Memory allocated: 6DF0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Memory allocated: 98F0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Memory allocated: A8F0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Memory allocated: B350000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Memory allocated: C350000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01AED1C0 rdtsc 3_2_01AED1C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, API coverage: 0.7 %
            Source: C:\Users\user\Desktop\SPA-198-2024.exe TID: 5768, Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Users\user\Desktop\SPA-198-2024.exe TID: 5140, Thread sleep time: -30000s >= -30000s
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Process queried: DebugPort
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_00417563 LdrLoadDll, 3_2_00417563
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01B211A4 mov eax, dword ptr fs:[00000030h] 3_2_01B211A4
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01A8B1B0 mov eax, dword ptr fs:[00000030h] 3_2_01A8B1B0
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01AB0185 mov eax, dword ptr fs:[00000030h] 3_2_01AB0185
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01AF019F mov eax, dword ptr fs:[00000030h] 3_2_01AF019F
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01A6A197 mov eax, dword ptr fs:[00000030h] 3_2_01A6A197
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01B2C188 mov eax, dword ptr fs:[00000030h] 3_2_01B2C188
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01AC7190 mov eax, dword ptr fs:[00000030h] 3_2_01AC7190
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01A951EF mov eax, dword ptr fs:[00000030h] 3_2_01A951EF
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01B171F9 mov esi, dword ptr fs:[00000030h] 3_2_01B171F9
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01A751ED mov eax, dword ptr fs:[00000030h] 3_2_01A751ED
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01B461E5 mov eax, dword ptr fs:[00000030h] 3_2_01B461E5
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01AA01F8 mov eax, dword ptr fs:[00000030h] 3_2_01AA01F8
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01B361C3 mov eax, dword ptr fs:[00000030h] 3_2_01B361C3
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01AAD1D0 mov eax, dword ptr fs:[00000030h] 3_2_01AAD1D0
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01AAD1D0 mov ecx, dword ptr fs:[00000030h] 3_2_01AAD1D0
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01AEE1D0 mov eax, dword ptr fs:[00000030h] 3_2_01AEE1D0
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01AEE1D0 mov ecx, dword ptr fs:[00000030h] 3_2_01AEE1D0
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01B451CB mov eax, dword ptr fs:[00000030h] 3_2_01B451CB
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01AA0124 mov eax, dword ptr fs:[00000030h] 3_2_01AA0124
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01A6B136 mov eax, dword ptr fs:[00000030h] 3_2_01A6B136
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01A71131 mov eax, dword ptr fs:[00000030h] 3_2_01A71131
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01B30115 mov eax, dword ptr fs:[00000030h] 3_2_01B30115
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01B1A118 mov ecx, dword ptr fs:[00000030h] 3_2_01B1A118
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01B1A118 mov eax, dword ptr fs:[00000030h] 3_2_01B1A118
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01B09179 mov eax, dword ptr fs:[00000030h] 3_2_01B09179
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01A6F172 mov eax, dword ptr fs:[00000030h] 3_2_01A6F172
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01B45152 mov eax, dword ptr fs:[00000030h] 3_2_01B45152
            Source: C:\Users\user\Desktop\SPA-198-2024.exe, Code function: 3_2_01B08158 mov eax, dword ptr fs:[00000030h] 3_2_01B08158
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A69148 mov eax, dword ptr fs:[00000030h]3_2_01A69148
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A69148 mov eax, dword ptr fs:[00000030h]3_2_01A69148
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A69148 mov eax, dword ptr fs:[00000030h]3_2_01A69148
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A69148 mov eax, dword ptr fs:[00000030h]3_2_01A69148
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A6C156 mov eax, dword ptr fs:[00000030h]3_2_01A6C156
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B03140 mov eax, dword ptr fs:[00000030h]3_2_01B03140
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B03140 mov eax, dword ptr fs:[00000030h]3_2_01B03140
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B03140 mov eax, dword ptr fs:[00000030h]3_2_01B03140
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A76154 mov eax, dword ptr fs:[00000030h]3_2_01A76154
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A76154 mov eax, dword ptr fs:[00000030h]3_2_01A76154
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B04144 mov eax, dword ptr fs:[00000030h]3_2_01B04144
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B04144 mov eax, dword ptr fs:[00000030h]3_2_01B04144
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B04144 mov ecx, dword ptr fs:[00000030h]3_2_01B04144
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B04144 mov eax, dword ptr fs:[00000030h]3_2_01B04144
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B04144 mov eax, dword ptr fs:[00000030h]3_2_01B04144
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A77152 mov eax, dword ptr fs:[00000030h]3_2_01A77152
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B360B8 mov eax, dword ptr fs:[00000030h]3_2_01B360B8
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B360B8 mov ecx, dword ptr fs:[00000030h]3_2_01B360B8
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B080A8 mov eax, dword ptr fs:[00000030h]3_2_01B080A8
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A6D08D mov eax, dword ptr fs:[00000030h]3_2_01A6D08D
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A7208A mov eax, dword ptr fs:[00000030h]3_2_01A7208A
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AFD080 mov eax, dword ptr fs:[00000030h]3_2_01AFD080
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AFD080 mov eax, dword ptr fs:[00000030h]3_2_01AFD080
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A75096 mov eax, dword ptr fs:[00000030h]3_2_01A75096
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AA909C mov eax, dword ptr fs:[00000030h]3_2_01AA909C
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A9D090 mov eax, dword ptr fs:[00000030h]3_2_01A9D090
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A9D090 mov eax, dword ptr fs:[00000030h]3_2_01A9D090
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A6A0E3 mov ecx, dword ptr fs:[00000030h]3_2_01A6A0E3
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A950E4 mov eax, dword ptr fs:[00000030h]3_2_01A950E4
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A950E4 mov ecx, dword ptr fs:[00000030h]3_2_01A950E4
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A780E9 mov eax, dword ptr fs:[00000030h]3_2_01A780E9
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF60E0 mov eax, dword ptr fs:[00000030h]3_2_01AF60E0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A6C0F0 mov eax, dword ptr fs:[00000030h]3_2_01A6C0F0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AB20F0 mov ecx, dword ptr fs:[00000030h]3_2_01AB20F0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov ecx, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov ecx, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov ecx, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov ecx, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A870C0 mov eax, dword ptr fs:[00000030h]3_2_01A870C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B450D9 mov eax, dword ptr fs:[00000030h]3_2_01B450D9
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AED0C0 mov eax, dword ptr fs:[00000030h]3_2_01AED0C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AED0C0 mov eax, dword ptr fs:[00000030h]3_2_01AED0C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF20DE mov eax, dword ptr fs:[00000030h]3_2_01AF20DE
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A990DB mov eax, dword ptr fs:[00000030h]3_2_01A990DB
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A6A020 mov eax, dword ptr fs:[00000030h]3_2_01A6A020
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A6C020 mov eax, dword ptr fs:[00000030h]3_2_01A6C020
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B3903E mov eax, dword ptr fs:[00000030h]3_2_01B3903E
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B3903E mov eax, dword ptr fs:[00000030h]3_2_01B3903E
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B3903E mov eax, dword ptr fs:[00000030h]3_2_01B3903E
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B3903E mov eax, dword ptr fs:[00000030h]3_2_01B3903E
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF4000 mov ecx, dword ptr fs:[00000030h]3_2_01AF4000
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A8E016 mov eax, dword ptr fs:[00000030h]3_2_01A8E016
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A8E016 mov eax, dword ptr fs:[00000030h]3_2_01A8E016
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A8E016 mov eax, dword ptr fs:[00000030h]3_2_01A8E016
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A8E016 mov eax, dword ptr fs:[00000030h]3_2_01A8E016
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF106E mov eax, dword ptr fs:[00000030h]3_2_01AF106E
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B45060 mov eax, dword ptr fs:[00000030h]3_2_01B45060
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov ecx, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A81070 mov eax, dword ptr fs:[00000030h]3_2_01A81070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A9C073 mov eax, dword ptr fs:[00000030h]3_2_01A9C073
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AED070 mov ecx, dword ptr fs:[00000030h]3_2_01AED070
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B1705E mov ebx, dword ptr fs:[00000030h]3_2_01B1705E
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B1705E mov eax, dword ptr fs:[00000030h]3_2_01B1705E
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A72050 mov eax, dword ptr fs:[00000030h]3_2_01A72050
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A9B052 mov eax, dword ptr fs:[00000030h]3_2_01A9B052
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF6050 mov eax, dword ptr fs:[00000030h]3_2_01AF6050
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AA33A0 mov eax, dword ptr fs:[00000030h]3_2_01AA33A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AA33A0 mov eax, dword ptr fs:[00000030h]3_2_01AA33A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A933A5 mov eax, dword ptr fs:[00000030h]3_2_01A933A5
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A9438F mov eax, dword ptr fs:[00000030h]3_2_01A9438F
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A9438F mov eax, dword ptr fs:[00000030h]3_2_01A9438F
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B4539D mov eax, dword ptr fs:[00000030h]3_2_01B4539D
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A6E388 mov eax, dword ptr fs:[00000030h]3_2_01A6E388
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A6E388 mov eax, dword ptr fs:[00000030h]3_2_01A6E388
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A6E388 mov eax, dword ptr fs:[00000030h]3_2_01A6E388
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A68397 mov eax, dword ptr fs:[00000030h]3_2_01A68397
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A68397 mov eax, dword ptr fs:[00000030h]3_2_01A68397
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A68397 mov eax, dword ptr fs:[00000030h]3_2_01A68397
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AC739A mov eax, dword ptr fs:[00000030h]3_2_01AC739A
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AC739A mov eax, dword ptr fs:[00000030h]3_2_01AC739A
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h]3_2_01A803E9
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h]3_2_01A803E9
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h]3_2_01A803E9
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h]3_2_01A803E9
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h]3_2_01A803E9
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h]3_2_01A803E9
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h]3_2_01A803E9
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A803E9 mov eax, dword ptr fs:[00000030h]3_2_01A803E9
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B453FC mov eax, dword ptr fs:[00000030h]3_2_01B453FC
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B2F3E6 mov eax, dword ptr fs:[00000030h]3_2_01B2F3E6
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AA63FF mov eax, dword ptr fs:[00000030h]3_2_01AA63FF
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A8E3F0 mov eax, dword ptr fs:[00000030h]3_2_01A8E3F0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A8E3F0 mov eax, dword ptr fs:[00000030h]3_2_01A8E3F0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A8E3F0 mov eax, dword ptr fs:[00000030h]3_2_01A8E3F0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B2B3D0 mov ecx, dword ptr fs:[00000030h]3_2_01B2B3D0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A7A3C0 mov eax, dword ptr fs:[00000030h]3_2_01A7A3C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A7A3C0 mov eax, dword ptr fs:[00000030h]3_2_01A7A3C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A7A3C0 mov eax, dword ptr fs:[00000030h]3_2_01A7A3C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A7A3C0 mov eax, dword ptr fs:[00000030h]3_2_01A7A3C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A7A3C0 mov eax, dword ptr fs:[00000030h]3_2_01A7A3C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A7A3C0 mov eax, dword ptr fs:[00000030h]3_2_01A7A3C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A783C0 mov eax, dword ptr fs:[00000030h]3_2_01A783C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A783C0 mov eax, dword ptr fs:[00000030h]3_2_01A783C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A783C0 mov eax, dword ptr fs:[00000030h]3_2_01A783C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A783C0 mov eax, dword ptr fs:[00000030h]3_2_01A783C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF63C0 mov eax, dword ptr fs:[00000030h]3_2_01AF63C0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B2C3CD mov eax, dword ptr fs:[00000030h]3_2_01B2C3CD
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A9F32A mov eax, dword ptr fs:[00000030h]3_2_01A9F32A
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A67330 mov eax, dword ptr fs:[00000030h]3_2_01A67330
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B3132D mov eax, dword ptr fs:[00000030h]3_2_01B3132D
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B3132D mov eax, dword ptr fs:[00000030h]3_2_01B3132D
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AAA30B mov eax, dword ptr fs:[00000030h]3_2_01AAA30B
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AAA30B mov eax, dword ptr fs:[00000030h]3_2_01AAA30B
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AAA30B mov eax, dword ptr fs:[00000030h]3_2_01AAA30B
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF930B mov eax, dword ptr fs:[00000030h]3_2_01AF930B
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF930B mov eax, dword ptr fs:[00000030h]3_2_01AF930B
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF930B mov eax, dword ptr fs:[00000030h]3_2_01AF930B
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A6C310 mov ecx, dword ptr fs:[00000030h]3_2_01A6C310
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A90310 mov ecx, dword ptr fs:[00000030h]3_2_01A90310
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B1437C mov eax, dword ptr fs:[00000030h]3_2_01B1437C
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B2F367 mov eax, dword ptr fs:[00000030h]3_2_01B2F367
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A77370 mov eax, dword ptr fs:[00000030h]3_2_01A77370
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A77370 mov eax, dword ptr fs:[00000030h]3_2_01A77370
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A77370 mov eax, dword ptr fs:[00000030h]3_2_01A77370
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B3A352 mov eax, dword ptr fs:[00000030h]3_2_01B3A352
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF2349 mov eax, dword ptr fs:[00000030h]3_2_01AF2349
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A6D34C mov eax, dword ptr fs:[00000030h]3_2_01A6D34C
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A6D34C mov eax, dword ptr fs:[00000030h]3_2_01A6D34C
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF035C mov eax, dword ptr fs:[00000030h]3_2_01AF035C
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF035C mov eax, dword ptr fs:[00000030h]3_2_01AF035C
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF035C mov eax, dword ptr fs:[00000030h]3_2_01AF035C
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF035C mov ecx, dword ptr fs:[00000030h]3_2_01AF035C
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF035C mov eax, dword ptr fs:[00000030h]3_2_01AF035C
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF035C mov eax, dword ptr fs:[00000030h]3_2_01AF035C
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B45341 mov eax, dword ptr fs:[00000030h]3_2_01B45341
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A69353 mov eax, dword ptr fs:[00000030h]3_2_01A69353
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A69353 mov eax, dword ptr fs:[00000030h]3_2_01A69353
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A852A0 mov eax, dword ptr fs:[00000030h]3_2_01A852A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A852A0 mov eax, dword ptr fs:[00000030h]3_2_01A852A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A852A0 mov eax, dword ptr fs:[00000030h]3_2_01A852A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A852A0 mov eax, dword ptr fs:[00000030h]3_2_01A852A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B072A0 mov eax, dword ptr fs:[00000030h]3_2_01B072A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B072A0 mov eax, dword ptr fs:[00000030h]3_2_01B072A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B062A0 mov eax, dword ptr fs:[00000030h]3_2_01B062A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B062A0 mov ecx, dword ptr fs:[00000030h]3_2_01B062A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B062A0 mov eax, dword ptr fs:[00000030h]3_2_01B062A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B062A0 mov eax, dword ptr fs:[00000030h]3_2_01B062A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B062A0 mov eax, dword ptr fs:[00000030h]3_2_01B062A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B062A0 mov eax, dword ptr fs:[00000030h]3_2_01B062A0
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF92BC mov eax, dword ptr fs:[00000030h]3_2_01AF92BC
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF92BC mov eax, dword ptr fs:[00000030h]3_2_01AF92BC
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF92BC mov ecx, dword ptr fs:[00000030h]3_2_01AF92BC
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF92BC mov ecx, dword ptr fs:[00000030h]3_2_01AF92BC
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B392A6 mov eax, dword ptr fs:[00000030h]3_2_01B392A6
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B392A6 mov eax, dword ptr fs:[00000030h]3_2_01B392A6
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B392A6 mov eax, dword ptr fs:[00000030h]3_2_01B392A6
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B392A6 mov eax, dword ptr fs:[00000030h]3_2_01B392A6
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF0283 mov eax, dword ptr fs:[00000030h]3_2_01AF0283
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF0283 mov eax, dword ptr fs:[00000030h]3_2_01AF0283
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AF0283 mov eax, dword ptr fs:[00000030h]3_2_01AF0283
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AAE284 mov eax, dword ptr fs:[00000030h]3_2_01AAE284
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AAE284 mov eax, dword ptr fs:[00000030h]3_2_01AAE284
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AA329E mov eax, dword ptr fs:[00000030h]3_2_01AA329E
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01AA329E mov eax, dword ptr fs:[00000030h]3_2_01AA329E
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B45283 mov eax, dword ptr fs:[00000030h]3_2_01B45283
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A802E1 mov eax, dword ptr fs:[00000030h]3_2_01A802E1
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A802E1 mov eax, dword ptr fs:[00000030h]3_2_01A802E1
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A802E1 mov eax, dword ptr fs:[00000030h]3_2_01A802E1
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B2F2F8 mov eax, dword ptr fs:[00000030h]3_2_01B2F2F8
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B452E2 mov eax, dword ptr fs:[00000030h]3_2_01B452E2
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01A692FF mov eax, dword ptr fs:[00000030h]3_2_01A692FF
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h]3_2_01B212ED
            Source: C:\Users\user\Desktop\SPA-198-2024.exeCode function: 3_2_01B212ED mov eax, dword ptr fs:[00000030h]3_2_01B212ED
            Source: C:\Users\user\Desktop\SPA-198-2024.exe | Process token adjusted: Debug
            Source: C:\Users\user\Desktop\SPA-198-2024.exe | Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\SPA-198-2024.exe | Memory written: C:\Users\user\Desktop\SPA-198-2024.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\SPA-198-2024.exe | Process created: C:\Users\user\Desktop\SPA-198-2024.exe "C:\Users\user\Desktop\SPA-198-2024.exe"
            Source: C:\Users\user\Desktop\SPA-198-2024.exe | Queries volume information: C:\Users\user\Desktop\SPA-198-2024.exe VolumeInformation
            Source: C:\Users\user\Desktop\SPA-198-2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\SPA-198-2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\SPA-198-2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\SPA-198-2024.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\SPA-198-2024.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\SPA-198-2024.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match | File source: 3.2.SPA-198-2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 3.2.SPA-198-2024.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.2284492644.0000000001D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            Source: Yara match | File source: 3.2.SPA-198-2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 3.2.SPA-198-2024.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.2284492644.0000000001D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 2 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement


            windows-stand
            Source | Detection | Scanner | Label | Link
            SPA-198-2024.exe | 58% | ReversingLabs | ByteCode-MSIL.Trojan.SnakeLogger |
            SPA-198-2024.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No contacted domains info
            No contacted IP infos
            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1544859
            Start date and time:2024-10-29 20:34:35 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 6m 32s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:9
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:SPA-198-2024.exe
            Detection:MAL
            Classification:mal80.troj.evad.winEXE@3/1@0/0
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 98%
            • Number of executed functions: 41
            • Number of non-executed functions: 239
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • VT rate limit hit for: SPA-198-2024.exe
            Time | Type | Description
            15:35:28 | API Interceptor | 4x Sleep call for process: SPA-198-2024.exe modified
            No context
            Process:C:\Users\user\Desktop\SPA-198-2024.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1216
            Entropy (8bit):5.34331486778365
            Encrypted:false
            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
            MD5:1330C80CAAC9A0FB172F202485E9B1E8
            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
            Malicious:true
            Reputation:high, very likely benign file
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.909868707606551
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            • Win32 Executable (generic) a (10002005/4) 49.75%
            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
            • Windows Screen Saver (13104/52) 0.07%
            • Generic Win/DOS Executable (2004/3) 0.01%
            File name:SPA-198-2024.exe
            File size:893'952 bytes
            MD5:018636d5cf9775c57e733e0f8f8de8a1
            SHA1:ea30ceaf5fd685557e735c704953e367c11914cc
            SHA256:04dab42e8f694a3fac6b3ea2532462e89e9118c928545710a872d34874376a49
            SHA512:be9cb78934e1c25599ca37eab3c6e28b9412fecfe550ddb7b2c793c5311f1dbe21060ebb24ae3d59368c6f8e4d44de507bcd6c6e87715e300793b395b32d1a73
            SSDEEP:12288:nqmgMfzuwYwBZ7yZGxi2Zn9nwQc1xQI8rjF2sUp083rBhxwnLoNq/B:qzszBpExghEBfNy
            TLSH:E21512A8335DDF42E03D0BFE0492204547B21B267131D79E9ECA60C79EA1F85475EEAB
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g..............0.................. ........@.. ....................................@................................
            Icon Hash:36366464e4f39537
            Entrypoint:0x4dae92
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x671EF0F6 [Mon Oct 28 02:03:34 2024 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdae40 | 0x4f | .text
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xdc000 | 0xf90 | .rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0xc | .reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd780c | 0x54 | .text
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x2000 | 0xd8e98 | 0xd9000 | 7857f9127fcce53a4f000d4d598b96b9 | False | 0.8944974978398618 | data | 7.916051940850805 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rsrc | 0xdc000 | 0xf90 | 0x1000 | 28111aa05bf10c36ee249d81f8c7d773 | False | 0.607421875 | data | 6.501518057994487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc | 0xde000 | 0xc | 0x200 | c6007e14bf213a777efd3dde0498c77a | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
            RT_ICON | 0xdc100 | 0x928 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.7495733788395904
            RT_GROUP_ICON | 0xdca38 | 0x14 | data | | | 1.05
            RT_VERSION | 0xdca5c | 0x334 | data | | | 0.4292682926829268
            RT_MANIFEST | 0xdcda0 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
            DLL | Import
            mscoree.dll | _CorExeMain
            No network behavior found

            Target ID:0
            Start time:15:35:28
            Start date:29/10/2024
            Path:C:\Users\user\Desktop\SPA-198-2024.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\SPA-198-2024.exe"
            Imagebase:0x440000
            File size:893'952 bytes
            MD5 hash:018636D5CF9775C57E733E0F8F8DE8A1
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:3
            Start time:15:35:30
            Start date:29/10/2024
            Path:C:\Users\user\Desktop\SPA-198-2024.exe
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\Desktop\SPA-198-2024.exe"
            Imagebase:0xfb0000
            File size:893'952 bytes
            MD5 hash:018636D5CF9775C57E733E0F8F8DE8A1
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2284492644.0000000001D90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
            Reputation:low
            Has exited:true

              Execution Graph

              Execution Coverage:9.7%
              Dynamic/Decrypted Code Coverage:100%
              Signature Coverage:7.5%
              Total number of Nodes:212
              Total number of Limit Nodes:8
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7cb1cf2e076ae1e7080b7f69ad9fa6d0ee67dce2add9f7d0aaafc9f590738a5d
              • Instruction ID: 7128c49e713743e0138b172d6a9965c30bb395f83744add8a25a78ed4d45973f
              • Opcode Fuzzy Hash: 7cb1cf2e076ae1e7080b7f69ad9fa6d0ee67dce2add9f7d0aaafc9f590738a5d
              • Instruction Fuzzy Hash: F2C198317007008FDB2ADB75C464BAEB7F7AF8A705F98846EE1469B291CB34E901CB51
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef02be45870c362c5e5272b7cb7e5fc94839d36ec6a3364b5f0a97ea948f8aeb
              • Instruction ID: 338319fb716f40cb3869142027d24a9e2645450f4b555ce760bb3a3d213671ec
              • Opcode Fuzzy Hash: ef02be45870c362c5e5272b7cb7e5fc94839d36ec6a3364b5f0a97ea948f8aeb
              • Instruction Fuzzy Hash: 4B21D375D59228DFCB26DF64E8A87E8BBB5BF4A301F1051E6E40DB2292D7314A85CF04
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cc00da601680f4384238e4b1a5a23f17e6b0603f0737d9444c33c9fd4799a3f4
              • Instruction ID: 772f5cb811fc35a1a5bbb0424529e072f487762e0b641fd628cf9020b98b1155
              • Opcode Fuzzy Hash: cc00da601680f4384238e4b1a5a23f17e6b0603f0737d9444c33c9fd4799a3f4
              • Instruction Fuzzy Hash: 2E111271945228DFCB22DF94D8A87E8BBB5BF4A305F1450E6E40DA2252D7304B89CF00

              APIs
              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 027B2A4E
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 7b33d7a867654770d81962bb4f3543187d5674c2af3a73a63ef534dc8dd70ca9
              • Instruction ID: f64f8717945b61110e6de137e4d670ccdff82f7b73a9db4d9a667df0a27280a9
              • Opcode Fuzzy Hash: 7b33d7a867654770d81962bb4f3543187d5674c2af3a73a63ef534dc8dd70ca9
              • Instruction Fuzzy Hash: FC917B71D01219CFEB11DFA8C8517EEBBB2BF48314F14856AD848B7241DB749985CF91

              APIs
              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 027B2A4E
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 19ed8f907c71e3153710aba87bab9fdb09aaa1e1e6c3411390e24f249de9b65d
              • Instruction ID: 4164004e082e7642bba2c3552fc68cb1b004967c0b5ef0fa7610f5f18a1a40e0
              • Opcode Fuzzy Hash: 19ed8f907c71e3153710aba87bab9fdb09aaa1e1e6c3411390e24f249de9b65d
              • Instruction Fuzzy Hash: C5917A71D01219CFEB21DF68C8417EEBBB2BF48314F1485AAE848A7281DB759981CF91

              APIs
              • GetModuleHandleW.KERNELBASE(00000000), ref: 00EAAFDE
              Memory Dump Source
              • Source File: 00000000.00000002.2176067913.0000000000EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_ea0000_SPA-198-2024.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              • Opcode ID: 0633caa73d6f80724fe2b0ecfd06f5dbc0854bad9cce22ffae338d6c1e93a761
              • Instruction ID: c05d2ec15095521637d80178963d1ab5372e92371f7c4dc2058a570be5d38e89
              • Opcode Fuzzy Hash: 0633caa73d6f80724fe2b0ecfd06f5dbc0854bad9cce22ffae338d6c1e93a761
              • Instruction Fuzzy Hash: F77123B0A00B058FDB24DF29D04575ABBF1FF89304F148A29E586EBA40DB35F849CB91

              APIs
              • CreateActCtxA.KERNEL32(?), ref: 00EA5A09
              Memory Dump Source
              • Source File: 00000000.00000002.2176067913.0000000000EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_ea0000_SPA-198-2024.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0

              Control-flow Graph

              APIs
              • CreateActCtxA.KERNEL32(?), ref: 00EA5A09
              Memory Dump Source
              • Source File: 00000000.00000002.2176067913.0000000000EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_ea0000_SPA-198-2024.jbxd
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0

              Control-flow Graph

              APIs
              • CallWindowProcW.USER32(?,?,?,?,?), ref: 02954111
              Memory Dump Source
              • Source File: 00000000.00000002.2176986506.0000000002950000.00000040.00000800.00020000.00000000.sdmp, Offset: 02950000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2950000_SPA-198-2024.jbxd
              Similarity
              • API ID: CallProcWindow
              • String ID:
              • API String ID: 2714655100-0

              Control-flow Graph

              APIs
              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 027B2620
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0

              Control-flow Graph

              APIs
              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 027B2620
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0

              Control-flow Graph

              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 027B2700
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0

              Control-flow Graph

              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 027B203E
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0

              Control-flow Graph

              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00EAD62E,?,?,?,?,?), ref: 00EAD6EF
              Memory Dump Source
              • Source File: 00000000.00000002.2176067913.0000000000EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_ea0000_SPA-198-2024.jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0

              Control-flow Graph

              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00EAD62E,?,?,?,?,?), ref: 00EAD6EF
              Memory Dump Source
              • Source File: 00000000.00000002.2176067913.0000000000EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_ea0000_SPA-198-2024.jbxd
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 027B2700
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 027B203E
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 027B253E
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 027B253E
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              APIs
              • GetModuleHandleW.KERNELBASE(00000000), ref: 00EAAFDE
              Memory Dump Source
              • Source File: 00000000.00000002.2176067913.0000000000EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EA0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_ea0000_SPA-198-2024.jbxd
              Similarity
              • API ID: HandleModule
              • String ID:
              • API String ID: 4139908857-0
              APIs
              • PostMessageW.USER32(?,00000010,00000000,?), ref: 027B4AA5
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              APIs
              • PostMessageW.USER32(?,00000010,00000000,?), ref: 027B4AA5
              Memory Dump Source
              • Source File: 00000000.00000002.2176388971.00000000027B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027B0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_27b0000_SPA-198-2024.jbxd
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0

              Execution Graph

              Execution Coverage:0.9%
              Dynamic/Decrypted Code Coverage:4.8%
              Signature Coverage:8.7%
              Total number of Nodes:104
              Total number of Limit Nodes:11
              Execution graph figure not reproduced; API calls labelled on its nodes: LdrInitializeThunk, RtlFreeHeap, RtlAllocateHeap, NtClose, LdrLoadDll, ExitProcess.

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 110 417563-41757f 111 417587-41758c 110->111 112 417582 call 42f153 110->112 113 417592-4175a0 call 42f753 111->113 114 41758e-417591 111->114 112->111 117 4175b0-4175c1 call 42dbc3 113->117 118 4175a2-4175ad call 42f9f3 113->118 123 4175c3-4175d7 LdrLoadDll 117->123 124 4175da-4175dd 117->124 118->117 123->124
              APIs
              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004175D5
              Memory Dump Source
              • Source File: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_SPA-198-2024.jbxd
              Yara matches
              Similarity
              • API ID: Load
              • String ID:
              • API String ID: 2234796835-0
              • Opcode ID: cabadc429ca9bf0ea4f6f112ad196f5047ef34b7e91932448bc3641e5bf786ad
              • Instruction ID: bdce513adcdf66a5ddf40d0a2ecde4d7099c94072a20f6ffb4ae009ad51faa44
              • Opcode Fuzzy Hash: cabadc429ca9bf0ea4f6f112ad196f5047ef34b7e91932448bc3641e5bf786ad
              • Instruction Fuzzy Hash: B00171B1E0020DBBDF10DBE1DC42FDEB379AB54308F4081AAE90897241F634EB588B95

              Control-flow Graph

              control_flow_graph 135 42c433-42c46c call 404713 call 42d6b3 NtClose
              APIs
              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C467
              Memory Dump Source
              • Source File: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_SPA-198-2024.jbxd
              Yara matches
              Similarity
              • API ID: Close
              • String ID:
              • API String ID: 3535843008-0
              • Opcode ID: f104d03abdedf1f8787786e7aaafcefc6a5242dd07684567bd9e54fffbad41ec
              • Instruction ID: 37a102a096cf0697ac499042812ebe3be0a6e3a94df1b2a833282852239f11ec
              • Opcode Fuzzy Hash: f104d03abdedf1f8787786e7aaafcefc6a5242dd07684567bd9e54fffbad41ec
              • Instruction Fuzzy Hash: 7DE04F766002147BD620BA5AEC41F97775CDFC5714F00801AFA0867282C675791087F5

              Control-flow Graph

              control_flow_graph 151 1ab35c0-1ab35cc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 3d3a6996cd08fc2c23b4cf88d4adf83e75f87fa1524584cb291ab0dca3aa63ce
              • Instruction ID: 5809e4ae67bc3cd04fe9351bf30e0f34bffffd8df3977115b2caebf53d915177
              • Opcode Fuzzy Hash: 3d3a6996cd08fc2c23b4cf88d4adf83e75f87fa1524584cb291ab0dca3aa63ce
              • Instruction Fuzzy Hash: 1690023160550402D100715D45147061005A7D0601F66C415A0424568DC79A8A5166A2

              Control-flow Graph

              control_flow_graph 150 1ab2df0-1ab2dfc LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 5463cae868329518c80124517204869e29bb67461ef66a456aa01d00a25bdc01
              • Instruction ID: 277b338c0739545493ec9298c19518c5afe0534cc6eeb4d61586075b8fc93b94
              • Opcode Fuzzy Hash: 5463cae868329518c80124517204869e29bb67461ef66a456aa01d00a25bdc01
              • Instruction Fuzzy Hash: C790023120140413D111715D45047070009A7D0641F96C416A0424558DD65B8A52A221

              Control-flow Graph

              control_flow_graph 149 1ab2c70-1ab2c7c LdrInitializeThunk
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 8ad5c0032532081bc145c11f4a78b2ddde6824e870cb14c38854a0a802cea94f
              • Instruction ID: 8f8db41a1fb7503690cd63a5aeec39eb980d9ccc05a46b36c6368546e0550ebb
              • Opcode Fuzzy Hash: 8ad5c0032532081bc145c11f4a78b2ddde6824e870cb14c38854a0a802cea94f
              • Instruction Fuzzy Hash: 8090023120148802D110715D840474A0005A7D0701F5AC415A4424658DC69A89917221

              Control-flow Graph

              control_flow_graph 125 42c763-42c7a7 call 404713 call 42d6b3 RtlAllocateHeap
              APIs
              • RtlAllocateHeap.NTDLL(?,0041E354,?,?,00000000,?,0041E354,?,?,?), ref: 0042C7A2
              Memory Dump Source
              • Source File: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_SPA-198-2024.jbxd
              Yara matches
              Similarity
              • API ID: AllocateHeap
              • String ID:
              • API String ID: 1279760036-0
              • Opcode ID: 8e8f804e6e2566f97d4133197ec8a822201c655ac3a2fa4d2fbee59e578fcff7
              • Instruction ID: 8478ad7e8697ef7acc63e2c8c0b0e70c508952faf178b19bb78cdc86ac20e0b7
              • Opcode Fuzzy Hash: 8e8f804e6e2566f97d4133197ec8a822201c655ac3a2fa4d2fbee59e578fcff7
              • Instruction Fuzzy Hash: 18E06DB27042047FD610EE59EC45F9B73ACEFC5714F004019F908A7282D770B9108AB5

              Control-flow Graph

              control_flow_graph 130 42c7b3-42c7f4 call 404713 call 42d6b3 RtlFreeHeap
              APIs
              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,9403D333,00000007,00000000,00000004,00000000,00416E48,000000F4), ref: 0042C7EF
              Memory Dump Source
              • Source File: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_SPA-198-2024.jbxd
              Yara matches
              Similarity
              • API ID: FreeHeap
              • String ID:
              • API String ID: 3298025750-0
              • Opcode ID: 27bbdd54da5c965e61241d10b6020c612638fb223b0637cadf89fda0c63e04a5
              • Instruction ID: 0103aceadb78e79b7ecc8faacede7f1e09fa23b9d57152ecbc1c1368217fcbeb
              • Opcode Fuzzy Hash: 27bbdd54da5c965e61241d10b6020c612638fb223b0637cadf89fda0c63e04a5
              • Instruction Fuzzy Hash: 6DE06DB17002047BD610EE59EC81F9B33ADDFC5710F004019FE08A7241D671B9108AB9

              Control-flow Graph

              control_flow_graph 140 42c803-42c83c call 404713 call 42d6b3 ExitProcess
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_SPA-198-2024.jbxd
              Yara matches
              Similarity
              • API ID: ExitProcess
              • String ID:
              • API String ID: 621844428-0
              • Opcode ID: cef4f983fc9ebd551220bca8743f3b8b02da57f9f425297ef17eed880e4366f5
              • Instruction ID: f8c1995de4c57a0dc7d95be7e0574ee260bed641c46f1d5501e4473e89b5d8ab
              • Opcode Fuzzy Hash: cef4f983fc9ebd551220bca8743f3b8b02da57f9f425297ef17eed880e4366f5
              • Instruction Fuzzy Hash: F9E04F756442147FD120BA9ADC41F97776CDFC5714F40401AFA1C67241C674790487F4

              Control-flow Graph

              control_flow_graph 145 1ab2c0a-1ab2c0f 146 1ab2c1f-1ab2c26 LdrInitializeThunk 145->146 147 1ab2c11-1ab2c18 145->147
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 18a394972cb83de4fbbfea12d06d445737d710ebe54f1b2b6e478d68a9fbc4ba
              • Instruction ID: fa2039420d37fde2758571e86af4b8004645c00b26c2c0a0e5977c5291e6ce5c
              • Opcode Fuzzy Hash: 18a394972cb83de4fbbfea12d06d445737d710ebe54f1b2b6e478d68a9fbc4ba
              • Instruction Fuzzy Hash: 04B09B719015C5C5DA11E76446087177A0477D1701F16C077D2030641F473DD5D1F275
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
              • API String ID: 0-2160512332
              • Opcode ID: b31660db631d30821db2d32f1feec1f1db5e4bce0baee2d11aba271373a6a607
              • Instruction ID: 24fe24ca781862cc3c9aa876f7682a0040a569d639c9bf69c100010dd555f651
              • Opcode Fuzzy Hash: b31660db631d30821db2d32f1feec1f1db5e4bce0baee2d11aba271373a6a607
              • Instruction Fuzzy Hash: 34928E71604742ABE721DF68C880B6BBBE8BF84754F04492EFB94D7291D774E844CB92
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
              • API String ID: 0-3591852110
              • Opcode ID: 5394ee9a00226b5219fa9eb4c5689873a707e62bced721c90e4a653f86f740aa
              • Instruction ID: d3b489453600795ef021af3926be32a377acc8d8a78d55059dec4639c4c2b6bd
              • Opcode Fuzzy Hash: 5394ee9a00226b5219fa9eb4c5689873a707e62bced721c90e4a653f86f740aa
              • Instruction Fuzzy Hash: 6F12D230600652EFD72ACF2DC481BBABBF5FF09714F188599E49A8B651D734E889CB50
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
              • API String ID: 0-3532704233
              • Opcode ID: 0415f02172fb250dacaec90d0022e092be90e2e3431449b313f475ffd12298c9
              • Instruction ID: e93e73ccea8fcfc431f657512f5e4b931251af904bb2029d7c005419132421c4
              • Opcode Fuzzy Hash: 0415f02172fb250dacaec90d0022e092be90e2e3431449b313f475ffd12298c9
              • Instruction Fuzzy Hash: 0BB19D716083569BD712DF68C980A6BBBE8BF88784F05492EF989D7240D730DD488B92
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
              • API String ID: 0-3063724069
              • Opcode ID: 5f426d77e5cd9246699c438a0e0f408ef67909d3afa880a0c171955b29bdace6
              • Instruction ID: 2b275b7a644422bab2d30c19a81a901a3ff4a97030ccfafc7ce091fab5c729b5
              • Opcode Fuzzy Hash: 5f426d77e5cd9246699c438a0e0f408ef67909d3afa880a0c171955b29bdace6
              • Instruction Fuzzy Hash: 88D108B2804352AFDB26DE54C880B6FBFE8EF94718F01496DFA8897192D770D944C792
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
              • API String ID: 0-1700792311
              • Opcode ID: 30b30f9c1e1bfc212f754cf793ea8b0b7374a05cbb779eddad5534b0b1dc3ee2
              • Instruction ID: 49f6b613bcee8621fd56dd7f767849ad4b801e91006cf5ba1d12c9ba81bedd73
              • Opcode Fuzzy Hash: 30b30f9c1e1bfc212f754cf793ea8b0b7374a05cbb779eddad5534b0b1dc3ee2
              • Instruction Fuzzy Hash: 03D10731600695EFDB2AEF68C440AADBFF1FF5A710F188099F4499B662C739D949CB10
              Strings
              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 01A6D2C3
              • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 01A6D146
              • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 01A6D0CF
              • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 01A6D262
              • @, xrefs: 01A6D313
              • @, xrefs: 01A6D2AF
              • @, xrefs: 01A6D0FD
              • Control Panel\Desktop\LanguageConfiguration, xrefs: 01A6D196
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
              • API String ID: 0-1356375266
              • Opcode ID: 1130a1afd3a84737224b3714b0c842159af8080d7fbcc0a68825fc373ccdd0fa
              • Instruction ID: bbfa438fefa264eb0551054e0a12216a1e185e86a9c07827ac0213811de9ae15
              • Opcode Fuzzy Hash: 1130a1afd3a84737224b3714b0c842159af8080d7fbcc0a68825fc373ccdd0fa
              • Instruction Fuzzy Hash: A7A19E71A083469FD721DF64C580BABBBE8BB88755F00492EF6D897241E774D908CF92
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
              • API String ID: 0-523794902
              • Opcode ID: 8faa5e82c5505fb75bad3f3cd37f5849c4db235cb097a9a65ea92057583a72d2
              • Instruction ID: bead0b08b005c884f942d8b78c62dcdfa46f688aad832bc443d1d632a39826a4
              • Opcode Fuzzy Hash: 8faa5e82c5505fb75bad3f3cd37f5849c4db235cb097a9a65ea92057583a72d2
              • Instruction Fuzzy Hash: F4421E712083829FC715DF38D994B2ABBE9FF98A04F08496DE895CB352D734E845CB52
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
              • API String ID: 0-122214566
              • Opcode ID: 38f2a7d89e86698b1a7f9246fb53ef37679e4ed6d613679262e6ef7faa9dff8f
              • Instruction ID: d228b2c6fc09d23e30f8a097f118685a5cd881f04880e61bb8970a7ca8d5c663
              • Opcode Fuzzy Hash: 38f2a7d89e86698b1a7f9246fb53ef37679e4ed6d613679262e6ef7faa9dff8f
              • Instruction Fuzzy Hash: 2DC16871A00256ABDB25AB6CC881BBEBBB5FF45310F18406DED069B692E774C944C3B1
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
              • API String ID: 0-792281065
              • Opcode ID: 770defb800964f8be97d414696178fa9cb11747d8f732a293a4684d98e6532c5
              • Instruction ID: e1e82aeaa5d0156940ab2d0ac80902528baab8e7d883e2ec2d504f9c32712b35
              • Opcode Fuzzy Hash: 770defb800964f8be97d414696178fa9cb11747d8f732a293a4684d98e6532c5
              • Instruction Fuzzy Hash: AB914D71B00315DBEB35DF58DA48BA97BE5BF64B54F48012DE908AB2D2D7789801CB90
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
              • API String ID: 0-1745908468
              • Opcode ID: 570bd1932282b1159b83cdae3dca1f5f279b84b4afc144f074d1150ef2397151
              • Instruction ID: ac471118a8cc52a0d5c708f08cf356b97d689aca27776f5b5627b1f52600514c
              • Opcode Fuzzy Hash: 570bd1932282b1159b83cdae3dca1f5f279b84b4afc144f074d1150ef2397151
              • Instruction Fuzzy Hash: 77912231A00641DFDB1ADFA8C440ABDBBF2FF5A714F59809DE845EB2A5CB359948CB10
              Strings
              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01AE02E7
              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01AE02BD
              • RTL: Re-Waiting, xrefs: 01AE031E
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
              • API String ID: 0-2474120054
              • Opcode ID: 3f794e97bbf49e21c07ac4237dd91b02183af1db5ae90d9d5b49cd23dd93626b
              • Instruction ID: e7af05146e6c7d1778a7c7637e7bd62374b8c66a41cae84cc07e18ec5b88d55d
              • Opcode Fuzzy Hash: 3f794e97bbf49e21c07ac4237dd91b02183af1db5ae90d9d5b49cd23dd93626b
              • Instruction Fuzzy Hash: 18E1AF316047429FDB25CF28C984B6ABBE0BF84314F144A6DF6A5CB2E1D774D985CB82
              Strings
              • Kernel-MUI-Language-Allowed, xrefs: 01A9527B
              • Kernel-MUI-Language-Disallowed, xrefs: 01A95352
              • WindowsExcludedProcs, xrefs: 01A9522A
              • Kernel-MUI-Number-Allowed, xrefs: 01A95247
              • Kernel-MUI-Language-SKU, xrefs: 01A9542B
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
              • API String ID: 0-258546922
              • Opcode ID: baaafce6621a050277971a87f0893cbfa9f35d41e81147e27d85fe1ca3cbe5bd
              • Instruction ID: afa2fd099f7ea81207437744569c0b5ee61e2d85ef8959950921ce09003c7744
              • Opcode Fuzzy Hash: baaafce6621a050277971a87f0893cbfa9f35d41e81147e27d85fe1ca3cbe5bd
              • Instruction Fuzzy Hash: 4FF148B2D00619EBDF12DFA8C981AEEBBF9FF48610F15406AE501E7211D7749A40CBA0
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
              • API String ID: 0-3178619729
              • Opcode ID: fa447011c7378a2de99a7590996f55a38c22755112411a303ec6769e9775cd21
              • Instruction ID: ba4e54e4933f69c5fc9a45d6b3b757ffdc9c57ab9f69974f2e653b9b63bbd8da
              • Opcode Fuzzy Hash: fa447011c7378a2de99a7590996f55a38c22755112411a303ec6769e9775cd21
              • Instruction Fuzzy Hash: EC13D270A00255DFDB29DF68C4807A9FBF1FF49304F6881A9D949AB382DB34A945CF90
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
              • API String ID: 0-3570731704
              • Opcode ID: e03a183fa2bc5ccf8d02fd6cb0859c342f07a83c6ce2b0f50da6b3318f5ccb64
              • Instruction ID: b262e501e83fd877b7e3c89f710410c066dc680a85105c74368bd39b45901b5a
              • Opcode Fuzzy Hash: e03a183fa2bc5ccf8d02fd6cb0859c342f07a83c6ce2b0f50da6b3318f5ccb64
              • Instruction Fuzzy Hash: A9926971E00669CFEB25DF28CC80BA9B7B5BF45314F0581EAE94AA7291D7309E81CF51
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
              • API String ID: 0-379654539
              • Opcode ID: b8a4f27c318a1d4676408bc149c8cd10fc3f2c0d281489224dc56281e66f3d77
              • Instruction ID: 07146b4c5b94fdbeddff646b0d8143305e56029f3211a121c25c3388e3d4b401
              • Opcode Fuzzy Hash: b8a4f27c318a1d4676408bc149c8cd10fc3f2c0d281489224dc56281e66f3d77
              • Instruction Fuzzy Hash: 3FC1A971208782EFD711CF68C944B6EB7F4BF84704F08886AF9968B251E735CA49CB52
              Strings
              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01AA855E
              • LdrpInitializeProcess, xrefs: 01AA8422
              • minkernel\ntdll\ldrinit.c, xrefs: 01AA8421
              • @, xrefs: 01AA8591
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
              • API String ID: 0-1918872054
              • Opcode ID: 048b0c77430ef5b71e256e1c4535240f28f10a5cc6d44848f9cda78403e46a7b
              • Instruction ID: 4508bba69f8afcf1c19571a8f4e28df7bf26a1543d808ad84b5fbfbfd8c55142
              • Opcode Fuzzy Hash: 048b0c77430ef5b71e256e1c4535240f28f10a5cc6d44848f9cda78403e46a7b
              • Instruction Fuzzy Hash: 8B917F71548345AFDB21EF25CD84FABBAECFF94644F40092EFA8493151E734E9448B62
              Strings
              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01AD0FE5
              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01AD1028
              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01AD10AE
              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01AD106B
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
              • API String ID: 0-1468400865
              • Opcode ID: f9c9a4243aa1d0b6f5e2465316d11eebe7126cdd5cac378ecf06df042a64ecc2
              • Instruction ID: 062f5c10609cbc360de41e67f5f5f631aeab60add462e1c513468964bf603ba4
              • Opcode Fuzzy Hash: f9c9a4243aa1d0b6f5e2465316d11eebe7126cdd5cac378ecf06df042a64ecc2
              • Instruction Fuzzy Hash: D87110B1904745AFDB21EF28CD84B9B7FA8AF54B60F000469F9498B247D334D688DBD2
              Strings
              • MZER, xrefs: 01A916E8
              • LdrpCompleteMapModule, xrefs: 01ADA590
              • Could not validate the crypto signature for DLL %wZ, xrefs: 01ADA589
              • minkernel\ntdll\ldrmap.c, xrefs: 01ADA59A
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$MZER$minkernel\ntdll\ldrmap.c
              • API String ID: 0-1409021520
              • Opcode ID: 65fa05233bdb9b013398c210b9f74c3be3946b65613d1f2d7cebaed9225c2c80
              • Instruction ID: 63d9dce206e85d741ee0927a6f3c0cc344a8f5f5564d6cedf0697af9e5a711ec
              • Opcode Fuzzy Hash: 65fa05233bdb9b013398c210b9f74c3be3946b65613d1f2d7cebaed9225c2c80
              • Instruction Fuzzy Hash: 4D51E475A00B469BEF22DB6CCA44B267BF4BF40724F180558EB529B6E2D774E980C780
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
              Similarity
              • API ID:
              • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
              Similarity
              • API ID:
              • String ID: $ $0
              Strings
              • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01A71728
              • HEAP: , xrefs: 01A71596
              • HEAP[%wZ]: , xrefs: 01A71712
              Similarity
              • API ID:
              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
              Similarity
              • API ID:
              • String ID: FilterFullPath$UseFilter$\??\
              Similarity
              • API ID:
              • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
              Similarity
              • API ID:
              • String ID: %$&$@
              Similarity
              • API ID:
              • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
              Strings
              • PreferredUILanguages, xrefs: 01B2C212
              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01B2C1C5
              • @, xrefs: 01B2C1F1
              Similarity
              • API ID:
              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
              Similarity
              • API ID:
              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
              Strings
              • RtlCreateActivationContext, xrefs: 01AE29F9
              • SXS: %s() passed the empty activation context data, xrefs: 01AE29FE
              • Actx , xrefs: 01AA33AC
              Similarity
              • API ID:
              • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
              Strings
              • @, xrefs: 01AFB670
              • GlobalFlag, xrefs: 01AFB68F
              • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 01AFB632
              Similarity
              • API ID:
              • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
              Strings
              • BuildLabEx, xrefs: 01AB130F
              • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 01AB127B
              • @, xrefs: 01AB12A5
              Similarity
              • API ID:
              • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
              Strings
              • Process initialization failed with status 0x%08lx, xrefs: 01AF20F3
              • LdrpInitializationFailure, xrefs: 01AF20FA
              • minkernel\ntdll\ldrinit.c, xrefs: 01AF2104
              Similarity
              • API ID:
              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
              Similarity
              • API ID: ___swprintf_l
              • String ID: #%u
              Similarity
              • API ID:
              • String ID: @$@
              Similarity
              • API ID:
              • String ID: `$`
              Strings
              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01A7063D
              • kLsE, xrefs: 01A70540
              Similarity
              • API ID:
              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
              Strings
              • RtlpResUltimateFallbackInfo Exit, xrefs: 01A7A309
              • RtlpResUltimateFallbackInfo Enter, xrefs: 01A7A2FB
              Similarity
              • API ID:
              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
              Similarity
              • API ID:
              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
              Similarity
              • API ID:
              • String ID: .Local\$@
              Strings
              • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 01AE2A95
              • RtlpInitializeAssemblyStorageMap, xrefs: 01AE2A90
              Similarity
              • API ID:
              • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
              Similarity
              • API ID: InitializeThunk
              • String ID: Cleanup Group$Threadpool!
              Similarity
              • API ID:
              • String ID: PreferredUILanguages
              Similarity
              • API ID:
              • String ID: kLsE
              Similarity
              • API ID:
              • String ID: #
              Similarity
              • API ID:
              • String ID: Actx
              Similarity
              • API ID:
              • String ID: LdrCreateEnclave
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
              • Instruction ID: 0462f61d7ab8d87cb358e446fae9255f4ebdf4c672b946f79c410814c3e405f9
              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
              • Instruction Fuzzy Hash: 17B14A31600A46AFDB25EB68C950BBEBBF6AF48300F1845A5E652D7391DB30ED45CB90
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 70afe1757fafe31d74e0145de484e39f485947eafbb7c7f370adbaf79af87468
              • Instruction ID: 1a32bdc2fd85059a55501165a6d3070eafb1a9dba20e7f65db03de9b359a81c1
              • Opcode Fuzzy Hash: 70afe1757fafe31d74e0145de484e39f485947eafbb7c7f370adbaf79af87468
              • Instruction Fuzzy Hash: C7A13DB1900656AFEF229FA8CC81FBF7BB9AF55750F050055FA01AB2A0D7759C50CBA0
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 837b4c7f91a121ada5eb966b4c66206b700a4597aacb11441d5535f9193502c5
              • Instruction ID: fde200acd3ce280d7098a3179e6c2cf8e19bf73971af879ceed96face5eec152
              • Opcode Fuzzy Hash: 837b4c7f91a121ada5eb966b4c66206b700a4597aacb11441d5535f9193502c5
              • Instruction Fuzzy Hash: A8C13A74508341CFD764CF19C894BABB7E5BF98304F44496DE98A87291E778EA08CF92
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: feeb31d2905ba9a946207d9c78471dbd680b9de9b530234183a7b2294d228c3c
              • Instruction ID: aa0dfd81339e56b3274459881bc87c820450ae46d65387ff6e3ab8da756f0baa
              • Opcode Fuzzy Hash: feeb31d2905ba9a946207d9c78471dbd680b9de9b530234183a7b2294d228c3c
              • Instruction Fuzzy Hash: BEB18270A0026A8BDB25DF68C990BB9B3F5EF44750F0485EAD54AE7245EB30DDC5CB24
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 016491cfca77c792cf0e848c7932ade5f018292b9731c4483ed5a50a85e517ca
              • Instruction ID: 52c0fec4d02288cc581c61264aaa0d2f577f5e0c793f75370fea8dce541b5e86
              • Opcode Fuzzy Hash: 016491cfca77c792cf0e848c7932ade5f018292b9731c4483ed5a50a85e517ca
              • Instruction Fuzzy Hash: 8EA10631E00655AFEF21DB98C944BAEBBF4AF04754F090125EA12AB2D2D774AD81CBD1
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8cf552d54652468ca5b0da8138fcf722cd3486d6d05094c52ec9632f47fbe7b3
              • Instruction ID: efbf5afb6d57a742c806d76a3c143a3faea0274066d4512a6a95d3ff3347b8ea
              • Opcode Fuzzy Hash: 8cf552d54652468ca5b0da8138fcf722cd3486d6d05094c52ec9632f47fbe7b3
              • Instruction Fuzzy Hash: BAA1AD70A017569BDB25CF69C6D4BABBBF9FF54314F04402AEA4597283EB38E805CB50
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 92e38ba8fec5ba956b83fc84bc15b8ac61b50302881c717291bb31e3d5ab805e
              • Instruction ID: c4e64540333a4d9b045a1ada04e0c97fb6cbe0e8ec1c27f8eb3280c6efee92f0
              • Opcode Fuzzy Hash: 92e38ba8fec5ba956b83fc84bc15b8ac61b50302881c717291bb31e3d5ab805e
              • Instruction Fuzzy Hash: 6EA10172A00202DFDB19DF28C980B6AB7E9FF58704F0085A9F585DB661D334ED11CB91
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 49d585cf6f9eca6dd31ef8848f4310707dbdc06dbb83ed508b32ee67630b46e1
              • Instruction ID: 2339765543e0772923b3393e0cd0e478a1516aa1351e1d05f3b3b0e0318c0ec5
              • Opcode Fuzzy Hash: 49d585cf6f9eca6dd31ef8848f4310707dbdc06dbb83ed508b32ee67630b46e1
              • Instruction Fuzzy Hash: ED918E75E0021AAFDB15CFA8D884BAEBBB5EF48710F15416DF718EB241D734E9009BA4
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 724d2de0cf36bb79b338d86dfe40ca6fe90c3e48afb4364dc80b8982dd25b6a4
              • Instruction ID: 3bf8435d8e2af2ce81c2be7cba38ffc82bb8faf507520b718a861bb6065a11c5
              • Opcode Fuzzy Hash: 724d2de0cf36bb79b338d86dfe40ca6fe90c3e48afb4364dc80b8982dd25b6a4
              • Instruction Fuzzy Hash: BC911432A00616DBEB28EB6CC540BBE7BB1EF94714F098069ED06DB291E738DD41C761
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9d820f64e4d2a3ce4dc243e5188b0f79d83549ffcb91f667a0f51e4157c21705
              • Instruction ID: 8d277368c24722c2692b24196e93d7000754eeab62913294f6d1419001663a85
              • Opcode Fuzzy Hash: 9d820f64e4d2a3ce4dc243e5188b0f79d83549ffcb91f667a0f51e4157c21705
              • Instruction Fuzzy Hash: E1B102B56093418FD354CF28C980A5AFBF1BB88704F18496EF999DB352D331E945CB92
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 853372142600411598b17ffb05a0fd1801f30ec1449998d435298af6329cbc8f
              • Instruction ID: 2927a85124ab23e62c7b9f3353fa1feccba5b3d17003e553cfea5c6cfb977b4c
              • Opcode Fuzzy Hash: 853372142600411598b17ffb05a0fd1801f30ec1449998d435298af6329cbc8f
              • Instruction Fuzzy Hash: EEB1BE71A00612CFDF25DF2CC8807AABBB0BB1932CF14455BD8259B2A6D775DA46CB90
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
              • Instruction ID: 3a252a53e4424727864a59c42045e0bb7adb4235c2d6955a5fbe88145f7b6a9e
              • Opcode Fuzzy Hash: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
              • Instruction Fuzzy Hash: F371D735A0023A9BDF29CF68C690ABEB7F5FF04740F18459AE9089B251EB34D949D790
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
              • Instruction ID: 6e7eeeadc7e80fcd690951189bc3efc229df77e0b2403567ea9d7e2e7fa7dfa8
              • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
              • Instruction Fuzzy Hash: 5C81B2B6E006159BDF14CF9CC9807EDBBB2FB84314F29816AC956BB344DA319984CB91
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b73ccd229ab7ba695509d4d004f3d7e6dc3541857c0855937f22fbb8398a65e5
              • Instruction ID: a0384ae409f9e68067cb22b7a6bf79fc43e66d1c888a168befbfba60cd6dec44
              • Opcode Fuzzy Hash: b73ccd229ab7ba695509d4d004f3d7e6dc3541857c0855937f22fbb8398a65e5
              • Instruction Fuzzy Hash: B5816E71A00609AFDB25CFA9C980BEEBBF9FF88354F54442AE556A7250D730AC45CB60
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
              • Instruction ID: 0444db3bc61913b6c75377e4d495d79214352bdf06a1452c645d8394c4b624a5
              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
              • Instruction Fuzzy Hash: DE716F71A00619EFDB10DFA9CA84EEEBBB9FF48710F104569E605E7251DB34EA05CB50
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 38ff101495e47b1b63b1492b86454298856aa163b21a022d33c1f7a4e606820d
              • Instruction ID: 4b18897e25a84007167eea0e2ff8cf567098d54fe44fc46b5d35d18b4e1f07af
              • Opcode Fuzzy Hash: 38ff101495e47b1b63b1492b86454298856aa163b21a022d33c1f7a4e606820d
              • Instruction Fuzzy Hash: 06710272200701AFEB3B9F18C984F6ABFA6EF40760F154598E2568B2E1DB74E954CB50
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 16f5bd5fccdb6a4c1d5f0829c31fa0627dcb0a7dadff034230f22aba19563ad6
              • Instruction ID: 1524afd3597329e905c37563301d69f7d171aa02736bc5caf47791d8f9394a85
              • Opcode Fuzzy Hash: 16f5bd5fccdb6a4c1d5f0829c31fa0627dcb0a7dadff034230f22aba19563ad6
              • Instruction Fuzzy Hash: 6F816E75A00205DFCB09CF69C490AAEBBF1FF88300F1581A9D859EB355D734EA51CBA0
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e1d6b2803320dea5ab694010685ae37b1f2bccd3b02f2123f596953d9758cee
              • Instruction ID: b67f72d398d95454ac76b0ff2fac7779897e968e9015cbb74b02758311992a29
              • Opcode Fuzzy Hash: 9e1d6b2803320dea5ab694010685ae37b1f2bccd3b02f2123f596953d9758cee
              • Instruction Fuzzy Hash: 3461E171600B16AFD719DF69C884BABBBA8FFC8714F004699F859D7240DB70E924CB91
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c1194520bee947dab253b2d201e09735b7d60061afb106b77a0db07525e5ad8
              • Instruction ID: ae7810dbd58d7f07bbbf7f66be3548c63641dbf559cf3d4c271952c474f8cca1
              • Opcode Fuzzy Hash: 0c1194520bee947dab253b2d201e09735b7d60061afb106b77a0db07525e5ad8
              • Instruction Fuzzy Hash: A46118712047828BE719DF6CC894B6BBBE0FFD0708F1845ACE9858B281DBB5E815C781
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ce679ae4eab4e843f215de319afe9843d76c040573f90bab67bbd7c14a286fcc
              • Instruction ID: 03b4dfa54601c2bffca6b9fe52bac3201c359337f087ff634069328b634b4af5
              • Opcode Fuzzy Hash: ce679ae4eab4e843f215de319afe9843d76c040573f90bab67bbd7c14a286fcc
              • Instruction Fuzzy Hash: 52411771340601DFDB269F29DA80B26BBA9FF54760F154429EA19DB691E734DC01CBA0
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
              • Instruction ID: d660f7c74b7b6bd44b9a9f06cc53aabbd07b3bc106b81e932451531a9444ca7c
              • Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
              • Instruction Fuzzy Hash: 995127B62103539BDF11AFA8CC44A7B7BF6EF94654F080829FA44D7251E734C856CBA2
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 62efe5c72a9ff9268750dce4e08007b5c3d7554830c5775eda492526855d2ced
              • Instruction ID: 3918d0c861ab47d8fc009d8777af12ab0360172b00baa9127156ed899cd6b600
              • Opcode Fuzzy Hash: 62efe5c72a9ff9268750dce4e08007b5c3d7554830c5775eda492526855d2ced
              • Instruction Fuzzy Hash: 1A51D4712002429FE731EFA5CA85F6B7BE8EBA4764F14062EF911971D2D734E841CBA1
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 840ced87ce147cd500aa1a097699a4aba609b1a61ab6900988d1edc60af65046
              • Instruction ID: 1a2e5a6dc1c1e2828e93727bb66f9d89f2e0ac7e8f2cd253425a1321184128d8
              • Opcode Fuzzy Hash: 840ced87ce147cd500aa1a097699a4aba609b1a61ab6900988d1edc60af65046
              • Instruction Fuzzy Hash: 13518070900649AFEF219FB5CD81BEEBBB8FF05304F20412AE695A7192DB719844DF50
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96759f18abed0a71cbd510d827802afa517beaf1bc65548802dd1f40aa8694d4
              • Instruction ID: e6221af2ef33d67da32784cbf08ddcb4d4cb678ddb580159510f8f342f31b64c
              • Opcode Fuzzy Hash: 96759f18abed0a71cbd510d827802afa517beaf1bc65548802dd1f40aa8694d4
              • Instruction Fuzzy Hash: 9C51F331A00A06EFEB16DFA8CD48BBDBBB5FF14315F154069E512932A0EB749A51CF90
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction ID: a15404d091de77468a75aee5cf45e4e196696836cf6f491fcc05b7540b338872
              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
              • Instruction Fuzzy Hash: 9F519175E0021EABDF15DF98C640BEEBBF5AF49754F05406AEA01AB240D734DE85CBA0
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
              • Instruction ID: 44dbb5bcaba8257984119e9d15ac72e299e3a54deb7c71d40828f644ea3661b3
              • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
              • Instruction Fuzzy Hash: 00516D716083429FD718CFA8C880B9ABBE5FFC8354F448A6DF99497240D734E959CB52
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 48654bef70ffadb2b31f7604193848b04f13b8d38a95b119b9542548f697b55c
              • Instruction ID: e961919d212249912a5ba0ac08ace99a005143e4487f695c62a962adb7abe405
              • Opcode Fuzzy Hash: 48654bef70ffadb2b31f7604193848b04f13b8d38a95b119b9542548f697b55c
              • Instruction Fuzzy Hash: 8551A071E01615DFEF22DBA8CD50BEDB7B4BF18714F180019E911EB261D7B49A40CBA5
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f931950677681042ef41b661f929f270d1b613070e4ff272d8ffed129b34511a
              • Instruction ID: 5a8a5402672626d4aab2cdf0129f7c94125a6be805ed841ffb296a80e248de2c
              • Opcode Fuzzy Hash: f931950677681042ef41b661f929f270d1b613070e4ff272d8ffed129b34511a
              • Instruction Fuzzy Hash: 4E51C072604201DFD71ACF18C884B6ABBF4FF88714F0586AAF9559B2A0D334ED45CB82
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
              • Instruction ID: fe8482be8a5218e7c443cd199fae53ef9346f8144e48d04886c9f225e143a4e3
              • Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
              • Instruction Fuzzy Hash: B6516D71600606EFDB1ACF18C580A56FBF5FF45308F19C1AAE9089F262E371E945DB90
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a34cdc2452d99d454657af1f6cb4bb68f5f6d9ac351f03dae5b893587509c3f5
              • Instruction ID: ad05fd97c3090cc483124e6cd12b36f004b77559c2de26ff76e5a1bc6d06b7a1
              • Opcode Fuzzy Hash: a34cdc2452d99d454657af1f6cb4bb68f5f6d9ac351f03dae5b893587509c3f5
              • Instruction Fuzzy Hash: 39410872740212AFDF29EF69D980B7A77B5AB74B08F44042DEA069B292D7759800CB60
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9347275611ec8f90df30bb6a3daeb0a1d9907851e4fa2795b65c214b89306790
              • Instruction ID: 4e5c074978e56566919dac3b5e40ac2941e23a2c457059c5d2fa5dede602c01d
              • Opcode Fuzzy Hash: 9347275611ec8f90df30bb6a3daeb0a1d9907851e4fa2795b65c214b89306790
              • Instruction Fuzzy Hash: 9741DF35A00219DBDB14DF98C680AEEBBB8BF48B10F58816AF915F7240D7359C45CBA4
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c6fc2d442db54bce60bdf04202ef6ca1cedfcbf34f11190802338c9f18a9e51a
              • Instruction ID: 200ee93ffe5cbe34fe3322613df925bacffb25cf34adc01ecfbc78f1708da337
              • Opcode Fuzzy Hash: c6fc2d442db54bce60bdf04202ef6ca1cedfcbf34f11190802338c9f18a9e51a
              • Instruction Fuzzy Hash: E251CE72600A95CFDB22CB6CC984B2A77F5BF48B54F0904A9F9428F691DB34DD40CB62
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
              • Instruction ID: 39c57fbc25239d0460985cecd42983a7128090d94cb5d0f45a870c0c414c7d70
              • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
              • Instruction Fuzzy Hash: 86512475A00206DFDB18CFA9C585AAABBF1FF48314B14856ED819A7345E734EA80CF90
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 50fdcbfb16aec3e35d51560404c66ae790680f99e9f4e170ba7f7fa1179916c4
              • Instruction ID: 256909c6fa61d66731ed8d80d5119662bc9287c2263a4a8d5b8672f2e303ae0c
              • Opcode Fuzzy Hash: 50fdcbfb16aec3e35d51560404c66ae790680f99e9f4e170ba7f7fa1179916c4
              • Instruction Fuzzy Hash: 5651F870900646DFEB659B28CD04BF8BBB5FF11314F1482A6E529976D1E7389A81CF80
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cd6a711002f84658deeb7b96c31052ee509da18aba1cba9ae4a14721bc30a06f
              • Instruction ID: ef02de753f81f6424762e63d0e08ad521a43dd709690bc1ba86c1b9df7b04548
              • Opcode Fuzzy Hash: cd6a711002f84658deeb7b96c31052ee509da18aba1cba9ae4a14721bc30a06f
              • Instruction Fuzzy Hash: 434180B1640202EFDB22AF68C980B6ABBECFF50B94F044469E655DB691E774D840CF60
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction ID: 1cd53b5a00cd0dd51f53d912e3b5263a9747f391c85030baa3579e6b15bcfd9e
              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
              • Instruction Fuzzy Hash: 4F410B31A04216DFDB11DF6984417BABB75EB50BA4F1A806EE945AB341D633DD40CBE0
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Memory Dump Source
              • Source File: 00000003.00000002.2283198015.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_400000_SPA-198-2024.jbxd
              Yara matches
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
              • Instruction ID: 57b83761fbe8509fb0dffe6676a250184069e9252d8d2ec44cbe90fbc22672c2
              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
              • Instruction Fuzzy Hash: 9701B9321007459FDB22A7B9C600A6777FDFFD5624F45842DA6958B540DA74E442C750
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cdf8c550f76b3bca399a537c58b37ea18876480f2985e6926d1435fa4ffae6fd
              • Instruction ID: f68a6b795a4f1c5df3c06fa8067945f93757a565325cb6853a52349f5e56a321
              • Opcode Fuzzy Hash: cdf8c550f76b3bca399a537c58b37ea18876480f2985e6926d1435fa4ffae6fd
              • Instruction Fuzzy Hash: 380184B12416427FD715BB7DCE44E67B7ECFF94654B00062AB10593551DB24EC01C6B0
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
              • Instruction ID: 001a0e5d400892c8b0ca20aa6bfab01e22363fb0ed0bfab5925482464137c774
              • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
              • Instruction Fuzzy Hash: 3211AD72400B02DFD7329F1AC980B22B7E8FF50B66F19886DD4894A4A6C375E880CB10
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
              • Instruction ID: 9b00ce637fea18ef1e8bbe7f7470d05908d4b3e9822b92a26df63697f6cac2d1
              • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
              • Instruction Fuzzy Hash: BA019E72A00204ABDF21DB98E800F6977A9EB84B30F14815AFE518FB81CB34DD04C7C0
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
              • Instruction ID: aecd955a258b468ef83190ea77a996f08707492d48019588e99f63131b26e7fa
              • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
              • Instruction Fuzzy Hash: FC01D136300105ABCF129BBACD00E9B7EFDBFC4651B1A4429BA05E7161EA30D982C7A0
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: efa1355bdd9a2b2cc0944bedb5ece86e0d6bc6c1be551d325b175bf6fcec2517
              • Instruction ID: 8b70df9d3cb9dcba3fc98505b5d75f270ff719cbf8dd09fcacb6f5f221c3094f
              • Opcode Fuzzy Hash: efa1355bdd9a2b2cc0944bedb5ece86e0d6bc6c1be551d325b175bf6fcec2517
              • Instruction Fuzzy Hash: 72019E70A00249AFCB14EF69D941FEEBBB8EF44710F00406AF904EB381D674DA05CB94
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
              • Instruction ID: ab0100c6b52672bc003293eabe42f40771f95c285400ac31c9ab6650a9636548
              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
              • Instruction Fuzzy Hash: 84017C32240580DFE322AB5DCA48F277BE8EF45B68F0D08A9F905CB692D778DC41C621
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0627b54ac0a742f768f1d83bcc432adfe85f83a1ba133796922c4f3826785761
              • Instruction ID: aa6f36c5d3239bdd31e0ff0790920913a1dbfb8ac33c0c9a50455b91005f07a9
              • Opcode Fuzzy Hash: 0627b54ac0a742f768f1d83bcc432adfe85f83a1ba133796922c4f3826785761
              • Instruction Fuzzy Hash: 6F01F272700609DBC714EBBAD9409AE7BFDFF90610F094029EA02A7290EE34DC01C290
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c783a5b557365b2fa4ffa82e538f8fdc61738e5332940e8f3e8112b02595167
              • Instruction ID: 07b1d61c694ea2cea0744704c65599a240fde1393e6cb917f92611a133c29f5d
              • Opcode Fuzzy Hash: 7c783a5b557365b2fa4ffa82e538f8fdc61738e5332940e8f3e8112b02595167
              • Instruction Fuzzy Hash: 6301A271A00258EBDB14EFA9D985FAFBBB8EF54710F00406AF905EB381D674D904C794
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e3f996c545051054d45efa5b9a89e44a5ffa5d50f8be15e559cb37cdbe3d2728
              • Instruction ID: 85d2f92710189f4bf80adb18302f7a2f0b113a45ce1e226fa254d6f2adf99504
              • Opcode Fuzzy Hash: e3f996c545051054d45efa5b9a89e44a5ffa5d50f8be15e559cb37cdbe3d2728
              • Instruction Fuzzy Hash: 74F0F972641621B7C7319B56CD40F177AA9EF84E90F054029A60597640C634DD05C6A0
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd6d7c7418f19b82dd544b4ff463083e1f1e4ca5b90da2f449a970346e83001a
              • Instruction ID: 63b1f5111106bedfae0ab911f7795363c6baf2a97b3b536d1ddcf4a55b3c8532
              • Opcode Fuzzy Hash: bd6d7c7418f19b82dd544b4ff463083e1f1e4ca5b90da2f449a970346e83001a
              • Instruction Fuzzy Hash: 37012C71A10249ABDB04DFA9D9819EEBBF8FF58710F10405AE901E7391D734EA018BA4
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9ec5cd2634a8b0da6f4156f7420d069308c80c0ef7c913d34bbd49cc861dc19a
              • Instruction ID: 1bff8eddbc452df65a79f86582050c2c190d1ae16763c328fd5b4af51d992e29
              • Opcode Fuzzy Hash: 9ec5cd2634a8b0da6f4156f7420d069308c80c0ef7c913d34bbd49cc861dc19a
              • Instruction Fuzzy Hash: C9015AB1A0020DABCB04DFA9D9819EEBBB8FF58700F10405AF900F7281D734A9018BA0
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1196d378a739c3cf0c9c5eacb12cc22686c6cee45cc84cbc7a00d8abdb303e20
              • Instruction ID: 29fdc2fff21191fba920bf6fd51538a9d51fdd4d7c32578071250837b1b458e0
              • Opcode Fuzzy Hash: 1196d378a739c3cf0c9c5eacb12cc22686c6cee45cc84cbc7a00d8abdb303e20
              • Instruction Fuzzy Hash: C9012C75A10249ABCB04DFA9D9819EEBBF8FF58710F10405AFA01E7391D734EA018BA4
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
              • Instruction ID: 965d57cd042505ac635f22f5d76769edf335cdd8bfdb327bdfaf50391c6ed388
              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
              • Instruction Fuzzy Hash: 16F0C2F2A00A11ABD324CF4DDD40E57FBEEDBD1AA0F048128A605C7220EA31DD04CB90
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
              • Instruction ID: 657c1e96c27f08ccd6c47971946f7081737d2b7edc38291e4a8579996d096e95
              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
              • Instruction Fuzzy Hash: DFF0FC732046239BD73217594940B3BF5AD8FD1AB4F1D4035E3459F248C9608D0156D0
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1ba783f5d9ae5b561ad7e088814fa2534da79dd6f0b0467494e6c18fd2dc54fc
              • Instruction ID: 09bd99a0b11b3c20c60a7564b5a0d4244581cc06577bdbc3806c471363c9f95f
              • Opcode Fuzzy Hash: 1ba783f5d9ae5b561ad7e088814fa2534da79dd6f0b0467494e6c18fd2dc54fc
              • Instruction Fuzzy Hash: 30110C70A1024ADFDB44DFA9D541BADBBF4BF08600F0482A6E505EB382D734D9418B90
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1b2684891e24f57f5b7a1024f4386ace9e14011c18eba7dfcd4bf526c5905ddb
              • Instruction ID: 4b243a39c5e022842645a0b781a6bab9f8c80349274a8354945c1b1fedffe78a
              • Opcode Fuzzy Hash: 1b2684891e24f57f5b7a1024f4386ace9e14011c18eba7dfcd4bf526c5905ddb
              • Instruction Fuzzy Hash: 06018F71A00249EBCB04DFA9D541AEEBBF8FF59710F14405AE501E7280D734EA01CB94
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
              • Instruction ID: ec70e2aa2ef414f67460fd9c2e7e1c28888efca41f09fbb4fe72b097e94f3171
              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
              • Instruction Fuzzy Hash: BEF0127210001DBFEF019F94DE80DAF7B7DEF55698B104125FA1592160D631DD21A7A0
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 59a79a1af3b2930c4f4e12ab025ccdaca3a051f71d523798b40cc11bb714c658
              • Instruction ID: ff0851826f8acddca4121ed43edb96035e0e2004354a732a560b553725804ec3
              • Opcode Fuzzy Hash: 59a79a1af3b2930c4f4e12ab025ccdaca3a051f71d523798b40cc11bb714c658
              • Instruction Fuzzy Hash: 57F0C872F10258ABDB04DFB9C545AEEB7B8EF54710F0080AAE501E7291DA74D9058750
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
              • Instruction ID: 67b46224c5e21c9fcdc9547d33ac4c82ff7f4893baf409558abea841736aa7b4
              • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
              • Instruction Fuzzy Hash: D0F0F671A012566BEB14D7EC8A40FEBBBA89F94610F488596BA01D7141D732EA44C750
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 35404f9005f11e066e7f5ce626f35d271a182eded8444e0de577b26f98edab4b
              • Instruction ID: ab314d49e357c5ef6cd5b89235219d80848a06c1d67abb2694e7e4a4fef806ca
              • Opcode Fuzzy Hash: 35404f9005f11e066e7f5ce626f35d271a182eded8444e0de577b26f98edab4b
              • Instruction Fuzzy Hash: ED019736100209ABCF229F94DC44EDE7FA6FB4C7A4F068105FE1966260C736E970EB81
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a718fc2dc7c09f6228ad14e641b8333a6401dd3f06855c69423232b444e7a879
              • Instruction ID: 8d8eaf736c3a2854fdb0dc1ce93c17cd37ac73d799d2128fe1d531674fe01e88
              • Opcode Fuzzy Hash: a718fc2dc7c09f6228ad14e641b8333a6401dd3f06855c69423232b444e7a879
              • Instruction Fuzzy Hash: 89F024B2204381DBF31097698C01B2232AEEBC0660F29802AEB498F6C5FA70DC418395
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a33241f30b2e9ea382f6b98ccc70aeccce76ff05bd132ee961d8a17b8b726e4f
              • Instruction ID: 44675f4c8d85d0e49e6ecfb07bf13d754d278643abfb5cacd543755cb87ce0cf
              • Opcode Fuzzy Hash: a33241f30b2e9ea382f6b98ccc70aeccce76ff05bd132ee961d8a17b8b726e4f
              • Instruction Fuzzy Hash: 40011E70A0024ADFDB44DFA9D545B9EB7F4FF18300F1482A5E519EB382D7349A408B90
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 56d434d839eb351a8b39541a4d30bbc0bd83c31a4747f6fe05053188f8e31c56
              • Instruction ID: 749522e45b016e6d9963f6346a32c237fa0bc977e5f52d2300e2d77491cac387
              • Opcode Fuzzy Hash: 56d434d839eb351a8b39541a4d30bbc0bd83c31a4747f6fe05053188f8e31c56
              • Instruction Fuzzy Hash: 6A0144702006829BE7329B7CCE5CF653BE8BB54B44F8C4594FA55DBAE6DB68D4018A10
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
              • Instruction ID: 4515527a967c4b1a1314b07469592efce6614019b1bdfe0fdd568710db7f0f4e
              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
              • Instruction Fuzzy Hash: 91F0E93174191347EB3EAA2DA5A0B2BA695DF90B10B47067E9605CB684DF20D8008790
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b490f211aa7dd5c0162b46952f13a0bec02b1d2b5dbe880f60d618f09187e05e
              • Instruction ID: 60d3d443fcd7b45a8eac0efe1d2da3467e783957a707630d43ae03b16e75d4db
              • Opcode Fuzzy Hash: b490f211aa7dd5c0162b46952f13a0bec02b1d2b5dbe880f60d618f09187e05e
              • Instruction Fuzzy Hash: 09F08C70A00249AFCB04EFA8D645AAEB7F4FF18300F408069F905EB382D674EA00CB54
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 718c914a0907f39d08349811fbb29c44860bf71e7c4c9e0ce791986b58125d54
              • Instruction ID: 5ff7601d9c746c8948026296b1abb7e4a9cd6313021b10531f6b585b257004da
              • Opcode Fuzzy Hash: 718c914a0907f39d08349811fbb29c44860bf71e7c4c9e0ce791986b58125d54
              • Instruction Fuzzy Hash: 6EF0FA32200240AFD731AB0ACD08F9BBBEDEF94B04F18011DE642830E0CAB0E908C660
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f97a0b22d8acd202886345f12d53a31a54756881e4c24d39204016a4590c8333
              • Instruction ID: 9bc3970b7e33073d81227b542c256a637b1a44623c63b636d543509740b30794
              • Opcode Fuzzy Hash: f97a0b22d8acd202886345f12d53a31a54756881e4c24d39204016a4590c8333
              • Instruction Fuzzy Hash: E0F03C74A00249AFDB04EFA8D645AAEB7F4FF18700F108469F905EB381D774EA00CB54
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a2b2e3bac345fbe38fc259567a60665457148f766d610c5a4cabd7a541b94e22
              • Instruction ID: f54d2a5ac55ad02d89cfb615563929bbda3fd1c9354b8833b1667f8fd866d896
              • Opcode Fuzzy Hash: a2b2e3bac345fbe38fc259567a60665457148f766d610c5a4cabd7a541b94e22
              • Instruction Fuzzy Hash: 64F0272A415A9016DF3E7B2C74503D13B64EBA6610F0910D9FDA557299C7788893C320
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c0775306eea9fe6d32763c4f42250836a4a1ec93e7d0bdf266742e28f5635de0
              • Instruction ID: b454ffd9979d7f331114a70ffa62410e23ffc64548446e0e5c3b358c96f46e65
              • Opcode Fuzzy Hash: c0775306eea9fe6d32763c4f42250836a4a1ec93e7d0bdf266742e28f5635de0
              • Instruction Fuzzy Hash: E1F0B470A1064D9FDB04EF78D581AAEB7B8EF18700F108094E502EB281DA74D9058B14
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 34a7713d182d2cd30b2c85af441e930a8f83536cec4d0084fdd4aeae34e2b94f
              • Instruction ID: 2aa499a50b446720a1b0db9e6df39a0441311a227aaffe2a56ef867b0e0729b1
              • Opcode Fuzzy Hash: 34a7713d182d2cd30b2c85af441e930a8f83536cec4d0084fdd4aeae34e2b94f
              • Instruction Fuzzy Hash: 48F05470A10649ABDB14EFA9D645AAE77F8FF14700F408459B541EB292EB34D9008754
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 110d9548777eecb02085eef122246465da0ab97a7824dc72f15bd785e88aa982
              • Instruction ID: 5ed1b8edce85a6f1c299aac54afd5ff5cb11f12e1a392abd1453550f1923aab3
              • Opcode Fuzzy Hash: 110d9548777eecb02085eef122246465da0ab97a7824dc72f15bd785e88aa982
              • Instruction Fuzzy Hash: 80F0B470A106499BDB14EFB9D681EAE77B8FF14700F008458A501EB281DB74D900C714
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 027083264acab40c8d6a544baf2defc9a7bf41c5f56366795a3c81a0be7a557f
              • Instruction ID: 52331a5e65d93c863f84441d692c0024b48801474caa8dca7ceecb9efae67e7a
              • Opcode Fuzzy Hash: 027083264acab40c8d6a544baf2defc9a7bf41c5f56366795a3c81a0be7a557f
              • Instruction Fuzzy Hash: 89F020B19116D19FF732DB1CC248B21BBE8AB447B0F88B466D406C761AC360F880CA50
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83dbaaaf110bb3d18432cf763bcd56337ddec321b635bc6eccae9ee2805ade2e
              • Instruction ID: d70220a1e709db7c94452174c21649a41f96788464a39b77dd0e6401263ab862
              • Opcode Fuzzy Hash: 83dbaaaf110bb3d18432cf763bcd56337ddec321b635bc6eccae9ee2805ade2e
              • Instruction Fuzzy Hash: C6F08270A10249ABDB14EFA8D645EAE77B8FF14704F044459FA01EB2D1EB74E900C768
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
              • Instruction ID: 0a20a6367aacb89b2a50ba5629b192f08fbff91509e71cae45d88f291ce60f9d
              • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
              • Instruction Fuzzy Hash: 5DF0E57350461467C230AA498C05FABFBACDBE5B70F14031ABA249B1D0DA70EA01C7D6
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 95c41867a0cb386bfc99214633b63ca262d6b1c2839c6f715950ae44b5c30828
              • Instruction ID: c795b3bb77378f18e265120d0ecea8a70783aedba04cf6e2e050ffb1fa012115
              • Opcode Fuzzy Hash: 95c41867a0cb386bfc99214633b63ca262d6b1c2839c6f715950ae44b5c30828
              • Instruction Fuzzy Hash: B0F02770A00249EBCF04EBB8D685EAE77F8EF19300F104099E502EB2D1EB34E9008714
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e1261167bf1771700a97ac6ea5f824b0a9247f6698b5613154d2f8faa8cd45d8
              • Instruction ID: 1162413fffb65add7935bb7ce8178e9db77eb6ab906477cc47bdea9ccc0e7f25
              • Opcode Fuzzy Hash: e1261167bf1771700a97ac6ea5f824b0a9247f6698b5613154d2f8faa8cd45d8
              • Instruction Fuzzy Hash: 0790026134140442D100715D4414B060005E7E1701F56C019E1064554DC61ECD526226
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c77962ced5d37e265a22382c43cff3157e14f5c583d70b81a993d4db9ea48af5
              • Instruction ID: d7f2400b91a59a8118278ee294407f29d26c34e8a0ef2bb4cd2227f45d5d0319
              • Opcode Fuzzy Hash: c77962ced5d37e265a22382c43cff3157e14f5c583d70b81a993d4db9ea48af5
              • Instruction Fuzzy Hash: 8790047131140043D104715D44047070045F7F1701F57C017F3154554CC53FCD715335
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7b806f7c71fe86210187060a15cb8a38dfe2400624f990a10932e6ffe4da0979
              • Instruction ID: 77c0acedc33d69df4fe0885d982c2b25f7a323b0e018c9084d15587869755f65
              • Opcode Fuzzy Hash: 7b806f7c71fe86210187060a15cb8a38dfe2400624f990a10932e6ffe4da0979
              • Instruction Fuzzy Hash: 4B90027120140402D140715D44047460005A7D0701F56C015A5064554EC65E8ED56765
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f1d4c57b51250159e541baf552d3b3b6951da1d1f692f055d56bffe4e0286e6f
              • Instruction ID: 658a1697673351eb1a17d97149e6c563e612ddc6d11289f981f505d7e8002358
              • Opcode Fuzzy Hash: f1d4c57b51250159e541baf552d3b3b6951da1d1f692f055d56bffe4e0286e6f
              • Instruction Fuzzy Hash: F590022160140502D101715D4404616000AA7D0641F96C026A1024555ECA2A8A92A231
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 142047b88c286622bd669308706f9732ef7ce5118aea02cc3f7a973493c8d3eb
              • Instruction ID: 6187b97e11bd308e1ae4b02c820e4ffbe667c08d3a06386bb102128b7cd1237a
              • Opcode Fuzzy Hash: 142047b88c286622bd669308706f9732ef7ce5118aea02cc3f7a973493c8d3eb
              • Instruction Fuzzy Hash: D790026120180403D140755D48046070005A7D0702F56C015A2064555ECA2E8D516235
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 829f0baa49125b68023a36959213ee85afa36a0db4b41ef0e60777d07b765151
              • Instruction ID: 5e1c152fbdaa661598f8c64f0b76989c7079f4c82cddd7e6f7b547b46071cde3
              • Opcode Fuzzy Hash: 829f0baa49125b68023a36959213ee85afa36a0db4b41ef0e60777d07b765151
              • Instruction Fuzzy Hash: 9190022130140402D102715D44146060009E7D1745F96C016E1424555DC62A8A53A232
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
              • Instruction ID: 9f61412f11b5e3ee762173fdc8b263ec46ac6eb5781609148b05bfd32178cb6c
              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
              • Instruction Fuzzy Hash:
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID: ___swprintf_l
              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
              • API String ID: 48624451-2108815105
              Strings
              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01AE4725
              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01AE4742
              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01AE46FC
              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01AE4655
              • Execute=1, xrefs: 01AE4713
              • ExecuteOptions, xrefs: 01AE46A0
              • CLIENT(ntdll): Processing section info %ws..., xrefs: 01AE4787
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
              • API String ID: 0-484625025
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-$0$0
              • API String ID: 1302938615-699404926
              Strings
              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01AE7B7F
              • RTL: Resource at %p, xrefs: 01AE7B8E
              • RTL: Re-Waiting, xrefs: 01AE7BAC
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 0-871070163
              APIs
              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AE728C
              Strings
              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01AE7294
              • RTL: Resource at %p, xrefs: 01AE72A3
              • RTL: Re-Waiting, xrefs: 01AE72C1
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
              • API String ID: 885266447-605551621
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID: __aulldvrm
              • String ID: +$-
              • API String ID: 1302938615-2137968064
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID:
              • String ID: $$@
              • API String ID: 0-1194432280
              APIs
              • @_EH4_CallFilterFunc@8.LIBCMT ref: 01AFCFBD
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2283692332.0000000001A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A40000, based on PE: true
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_1a40000_SPA-198-2024.jbxd
              Similarity
              • API ID: CallFilterFunc@8
              • String ID: @$@4Cw@4Cw
              • API String ID: 4062629308-3101775584