Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe
Analysis ID:1546602
MD5:e9dd7735e683f61b80c4bddfcffaee1d
SHA1:1a49c2fb7733bfe1833aa1164ae39f096cc9dc0f
SHA256:2d34439b88bca48219791ac13393ba7a2a7c7b3d80d6ad25fa7fb1967ae4fd44
Tags:exe
Infos:

Detection

FormBook
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.1500085807.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe PID: 7596 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Source | Rule | Description | Author | Strings
3.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-01T08:24:15.060254+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.9 | 49803 | TCP
2024-11-01T08:24:52.916023+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.9 | 49983 | TCP

          AV Detection

          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe | ReversingLabs: Detection: 39%
          Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000003.00000002.1500085807.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe | Joe Sandbox ML: detected
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe, 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe, SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe, 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe | Code function: 4x nop then jmp 077A97A1h | 0_2_077A94A5
          Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.9:49803
          Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.9:49983
          Source: Amcache.hve.6.dr | String found in binary or memory: http://upx.sf.net

          E-Banking Fraud

          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.1500085807.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0042C433 NtClose,3_2_0042C433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0040A9E3 NtAllocateVirtualMemory,3_2_0040A9E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01762DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01764340 NtSetContextThread,3_2_01764340
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01764650 NtSuspendThread,3_2_01764650
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762B60 NtClose,3_2_01762B60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762BF0 NtAllocateVirtualMemory,3_2_01762BF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762BE0 NtQueryValueKey,3_2_01762BE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762BA0 NtEnumerateValueKey,3_2_01762BA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762B80 NtQueryInformationFile,3_2_01762B80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762AF0 NtWriteFile,3_2_01762AF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762AD0 NtReadFile,3_2_01762AD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762AB0 NtWaitForSingleObject,3_2_01762AB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762D30 NtUnmapViewOfSection,3_2_01762D30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762D10 NtMapViewOfSection,3_2_01762D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762D00 NtSetInformationFile,3_2_01762D00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762DD0 NtDelayExecution,3_2_01762DD0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762DB0 NtEnumerateKey,3_2_01762DB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762C70 NtFreeVirtualMemory,3_2_01762C70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762C60 NtCreateKey,3_2_01762C60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762C00 NtQueryInformationProcess,3_2_01762C00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762CF0 NtOpenProcess,3_2_01762CF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762CC0 NtQueryVirtualMemory,3_2_01762CC0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762CA0 NtQueryInformationToken,3_2_01762CA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762F60 NtCreateProcessEx,3_2_01762F60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762F30 NtCreateSection,3_2_01762F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762FE0 NtCreateFile,3_2_01762FE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762FB0 NtResumeThread,3_2_01762FB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762FA0 NtQuerySection,3_2_01762FA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762F90 NtProtectVirtualMemory,3_2_01762F90
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762E30 NtWriteVirtualMemory,3_2_01762E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762EE0 NtQueueApcThread,3_2_01762EE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762EA0 NtAdjustPrivilegesToken,3_2_01762EA0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762E80 NtReadVirtualMemory,3_2_01762E80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01763010 NtOpenDirectoryObject,3_2_01763010
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01763090 NtSetValueKey,3_2_01763090
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017635C0 NtCreateMutant,3_2_017635C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017639B0 NtGetContextThread,3_2_017639B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01763D70 NtOpenThread,3_2_01763D70
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01763D10 NtOpenProcessToken,3_2_01763D10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: String function: 017AF290 appears 105 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: String function: 01777E54 appears 110 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: String function: 0179EA12 appears 86 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: String function: 0171B970 appears 280 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: String function: 01765130 appears 58 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 200
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe, 00000000.00000002.1340675574.000000000137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe, 00000000.00000000.1318005962.0000000000D92000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameLGXn.exe. vs SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe, 00000000.00000002.1345414706.0000000007F80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe, 00000003.00000002.1500617309.000000000181D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeBinary or memory string: OriginalFilenameLGXn.exe. vs SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.4b10b00.0.raw.unpack, LoOvAtGDSr5DueSUZ0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.7f80000.3.raw.unpack, LoOvAtGDSr5DueSUZ0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.4b98920.1.raw.unpack, LoOvAtGDSr5DueSUZ0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.4b10b00.0.raw.unpack, JoKtFFlqsrlAKF2DOI.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.4b10b00.0.raw.unpack, JoKtFFlqsrlAKF2DOI.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.4b10b00.0.raw.unpack, JoKtFFlqsrlAKF2DOI.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.4b98920.1.raw.unpack, JoKtFFlqsrlAKF2DOI.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.4b98920.1.raw.unpack, JoKtFFlqsrlAKF2DOI.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.4b98920.1.raw.unpack, JoKtFFlqsrlAKF2DOI.csSecurity API names: _0020.AddAccessRule
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.7f80000.3.raw.unpack, JoKtFFlqsrlAKF2DOI.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.7f80000.3.raw.unpack, JoKtFFlqsrlAKF2DOI.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.7f80000.3.raw.unpack, JoKtFFlqsrlAKF2DOI.csSecurity API names: _0020.AddAccessRule
          Source: classification engineClassification label: mal80.troj.evad.winEXE@4/6@0/0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.logJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeMutant created: NULL
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7796
          Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\4a05dd2b-c2b3-47e7-ba9c-a7968da07b32Jump to behavior
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeReversingLabs: Detection: 39%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 200
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: textshaping.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeSection loaded: iconcodecservice.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeStatic file information: File size 1049600 > 1048576
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe, 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe, SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe, 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp

          Data Obfuscation

          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.4b98920.1.raw.unpack, JoKtFFlqsrlAKF2DOI.cs.Net Code: nj46d2y7aa System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.4b10b00.0.raw.unpack, JoKtFFlqsrlAKF2DOI.cs.Net Code: nj46d2y7aa System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.7f80000.3.raw.unpack, JoKtFFlqsrlAKF2DOI.cs.Net Code: nj46d2y7aa System.Reflection.Assembly.Load(byte[])
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.40a6000.2.raw.unpack, XlF5VlCIHRSQX8M5eh.cs.Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0041594D push 899D5642h; ret 3_2_00415952
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_00406155 push ss; retf 3_2_00406160
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_00403270 push eax; ret 3_2_00403272
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0040227F pushad ; retf 3_2_00402280
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0040BB30 push eax; ret 3_2_0040BB31
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0041F3C9 push ss; retf 3_2_0041F3CB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_00415468 push esi; ret 3_2_004154E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0041547D push esi; ret 3_2_004154E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_004154C2 push esi; ret 3_2_004154E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0041548F push esi; ret 3_2_004154E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_004066BD push edx; iretd 3_2_004066BF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_00413F7E pushad ; retf 3_2_00414025
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_00413FC5 pushad ; retf 3_2_00414025
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_016F225F pushad ; ret 3_2_016F27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_016F27FA pushad ; ret 3_2_016F27F9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017209AD push ecx; mov dword ptr [esp], ecx3_2_017209B6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_016F283D push eax; iretd 3_2_016F2858
          Source: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeStatic PE information: section name: .text entropy: 7.095259259275497
          Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.4b98920.1.raw.unpack, 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.4b10b00.0.raw.unpack, 0.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.7f80000.3.raw.unpack: High entropy of concatenated method names
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe PID: 7596, type: MEMORYSTR
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Memory allocated: 16B0000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Memory allocated: 3080000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Memory allocated: 5080000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Memory allocated: 9400000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Memory allocated: A400000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Memory allocated: A610000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Memory allocated: B610000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Memory allocated: BA20000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Memory allocated: CA20000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Memory allocated: DA20000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Code function: 3_2_0176096E rdtsc 3_2_0176096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe API coverage: 0.3 %
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe TID: 7644 Thread sleep time: -922337203685477s >= -30000s
          Source: Amcache.hve.6.dr Binary or memory string: VMware
          Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual USB Mouse
          Source: Amcache.hve.6.dr Binary or memory string: vmci.syshbin
          Source: Amcache.hve.6.dr Binary or memory string: VMware, Inc.
          Source: Amcache.hve.6.dr Binary or memory string: VMware20,1hbin@
          Source: Amcache.hve.6.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: Amcache.hve.6.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.6.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.6.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.6.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: Amcache.hve.6.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.6.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.6.dr Binary or memory string: vmci.sys
          Source: Amcache.hve.6.dr Binary or memory string: vmci.syshbin`
          Source: Amcache.hve.6.dr Binary or memory string: \driver\vmci,\driver\pci
          Source: Amcache.hve.6.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.6.dr Binary or memory string: VMware20,1
          Source: Amcache.hve.6.dr Binary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.6.dr Binary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Amcache.hve.6.dr Binary or memory string: VMware-42 27 c7 3b 45 a3 e4 a4-61 bc 19 7c 28 5c 10 19
          Source: Amcache.hve.6.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: Amcache.hve.6.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.6.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.6.dr Binary or memory string: VMware PCI VMCI Bus Device
          Source: Amcache.hve.6.dr Binary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual RAM
          Source: Amcache.hve.6.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: Amcache.hve.6.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Code function: 3_2_0176096E rdtsc 3_2_0176096E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Code function: 3_2_01762DF0 NtQuerySystemInformation,LdrInitializeThunk, 3_2_01762DF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe Code function: 3_2_017F4164 mov eax, dword ptr fs:[00000030h] 3_2_017F4164
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017CE3DB mov eax, dword ptr fs:[00000030h]3_2_017CE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017CE3DB mov eax, dword ptr fs:[00000030h]3_2_017CE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017CE3DB mov ecx, dword ptr fs:[00000030h]3_2_017CE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017CE3DB mov eax, dword ptr fs:[00000030h]3_2_017CE3DB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017C43D4 mov eax, dword ptr fs:[00000030h]3_2_017C43D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017C43D4 mov eax, dword ptr fs:[00000030h]3_2_017C43D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017DC3CD mov eax, dword ptr fs:[00000030h]3_2_017DC3CD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0172A3C0 mov eax, dword ptr fs:[00000030h]3_2_0172A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0172A3C0 mov eax, dword ptr fs:[00000030h]3_2_0172A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0172A3C0 mov eax, dword ptr fs:[00000030h]3_2_0172A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0172A3C0 mov eax, dword ptr fs:[00000030h]3_2_0172A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0172A3C0 mov eax, dword ptr fs:[00000030h]3_2_0172A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0172A3C0 mov eax, dword ptr fs:[00000030h]3_2_0172A3C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017283C0 mov eax, dword ptr fs:[00000030h]3_2_017283C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017283C0 mov eax, dword ptr fs:[00000030h]3_2_017283C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017283C0 mov eax, dword ptr fs:[00000030h]3_2_017283C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017283C0 mov eax, dword ptr fs:[00000030h]3_2_017283C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A63C0 mov eax, dword ptr fs:[00000030h]3_2_017A63C0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01718397 mov eax, dword ptr fs:[00000030h]3_2_01718397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01718397 mov eax, dword ptr fs:[00000030h]3_2_01718397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01718397 mov eax, dword ptr fs:[00000030h]3_2_01718397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0171E388 mov eax, dword ptr fs:[00000030h]3_2_0171E388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0171E388 mov eax, dword ptr fs:[00000030h]3_2_0171E388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0171E388 mov eax, dword ptr fs:[00000030h]3_2_0171E388
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174438F mov eax, dword ptr fs:[00000030h]3_2_0174438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174438F mov eax, dword ptr fs:[00000030h]3_2_0174438F
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017D0274 mov eax, dword ptr fs:[00000030h]3_2_017D0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017D0274 mov eax, dword ptr fs:[00000030h]3_2_017D0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017D0274 mov eax, dword ptr fs:[00000030h]3_2_017D0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017D0274 mov eax, dword ptr fs:[00000030h]3_2_017D0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017D0274 mov eax, dword ptr fs:[00000030h]3_2_017D0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017D0274 mov eax, dword ptr fs:[00000030h]3_2_017D0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017D0274 mov eax, dword ptr fs:[00000030h]3_2_017D0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017D0274 mov eax, dword ptr fs:[00000030h]3_2_017D0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017D0274 mov eax, dword ptr fs:[00000030h]3_2_017D0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017D0274 mov eax, dword ptr fs:[00000030h]3_2_017D0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017D0274 mov eax, dword ptr fs:[00000030h]3_2_017D0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017D0274 mov eax, dword ptr fs:[00000030h]3_2_017D0274
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01724260 mov eax, dword ptr fs:[00000030h]3_2_01724260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01724260 mov eax, dword ptr fs:[00000030h]3_2_01724260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01724260 mov eax, dword ptr fs:[00000030h]3_2_01724260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0171826B mov eax, dword ptr fs:[00000030h]3_2_0171826B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0171A250 mov eax, dword ptr fs:[00000030h]3_2_0171A250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017F625D mov eax, dword ptr fs:[00000030h]3_2_017F625D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01726259 mov eax, dword ptr fs:[00000030h]3_2_01726259
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017DA250 mov eax, dword ptr fs:[00000030h]3_2_017DA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017DA250 mov eax, dword ptr fs:[00000030h]3_2_017DA250
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A8243 mov eax, dword ptr fs:[00000030h]3_2_017A8243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A8243 mov ecx, dword ptr fs:[00000030h]3_2_017A8243
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0171823B mov eax, dword ptr fs:[00000030h]3_2_0171823B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017302E1 mov eax, dword ptr fs:[00000030h]3_2_017302E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017302E1 mov eax, dword ptr fs:[00000030h]3_2_017302E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017302E1 mov eax, dword ptr fs:[00000030h]3_2_017302E1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017F62D6 mov eax, dword ptr fs:[00000030h]3_2_017F62D6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0172A2C3 mov eax, dword ptr fs:[00000030h]3_2_0172A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0172A2C3 mov eax, dword ptr fs:[00000030h]3_2_0172A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0172A2C3 mov eax, dword ptr fs:[00000030h]3_2_0172A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0172A2C3 mov eax, dword ptr fs:[00000030h]3_2_0172A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0172A2C3 mov eax, dword ptr fs:[00000030h]3_2_0172A2C3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017302A0 mov eax, dword ptr fs:[00000030h]3_2_017302A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017302A0 mov eax, dword ptr fs:[00000030h]3_2_017302A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017B62A0 mov eax, dword ptr fs:[00000030h]3_2_017B62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017B62A0 mov ecx, dword ptr fs:[00000030h]3_2_017B62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017B62A0 mov eax, dword ptr fs:[00000030h]3_2_017B62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017B62A0 mov eax, dword ptr fs:[00000030h]3_2_017B62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017B62A0 mov eax, dword ptr fs:[00000030h]3_2_017B62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017B62A0 mov eax, dword ptr fs:[00000030h]3_2_017B62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E284 mov eax, dword ptr fs:[00000030h]3_2_0175E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E284 mov eax, dword ptr fs:[00000030h]3_2_0175E284
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A0283 mov eax, dword ptr fs:[00000030h]3_2_017A0283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A0283 mov eax, dword ptr fs:[00000030h]3_2_017A0283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A0283 mov eax, dword ptr fs:[00000030h]3_2_017A0283
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175656A mov eax, dword ptr fs:[00000030h]3_2_0175656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175656A mov eax, dword ptr fs:[00000030h]3_2_0175656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175656A mov eax, dword ptr fs:[00000030h]3_2_0175656A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01728550 mov eax, dword ptr fs:[00000030h]3_2_01728550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01728550 mov eax, dword ptr fs:[00000030h]3_2_01728550
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730535 mov eax, dword ptr fs:[00000030h]3_2_01730535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730535 mov eax, dword ptr fs:[00000030h]3_2_01730535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730535 mov eax, dword ptr fs:[00000030h]3_2_01730535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730535 mov eax, dword ptr fs:[00000030h]3_2_01730535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730535 mov eax, dword ptr fs:[00000030h]3_2_01730535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730535 mov eax, dword ptr fs:[00000030h]3_2_01730535
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E53E mov eax, dword ptr fs:[00000030h]3_2_0174E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E53E mov eax, dword ptr fs:[00000030h]3_2_0174E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E53E mov eax, dword ptr fs:[00000030h]3_2_0174E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E53E mov eax, dword ptr fs:[00000030h]3_2_0174E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E53E mov eax, dword ptr fs:[00000030h]3_2_0174E53E
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017B6500 mov eax, dword ptr fs:[00000030h]3_2_017B6500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017F4500 mov eax, dword ptr fs:[00000030h]3_2_017F4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017F4500 mov eax, dword ptr fs:[00000030h]3_2_017F4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017F4500 mov eax, dword ptr fs:[00000030h]3_2_017F4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017F4500 mov eax, dword ptr fs:[00000030h]3_2_017F4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017F4500 mov eax, dword ptr fs:[00000030h]3_2_017F4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017F4500 mov eax, dword ptr fs:[00000030h]3_2_017F4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017F4500 mov eax, dword ptr fs:[00000030h]3_2_017F4500
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017225E0 mov eax, dword ptr fs:[00000030h]3_2_017225E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E5E7 mov eax, dword ptr fs:[00000030h]3_2_0174E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E5E7 mov eax, dword ptr fs:[00000030h]3_2_0174E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E5E7 mov eax, dword ptr fs:[00000030h]3_2_0174E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E5E7 mov eax, dword ptr fs:[00000030h]3_2_0174E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E5E7 mov eax, dword ptr fs:[00000030h]3_2_0174E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E5E7 mov eax, dword ptr fs:[00000030h]3_2_0174E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E5E7 mov eax, dword ptr fs:[00000030h]3_2_0174E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174E5E7 mov eax, dword ptr fs:[00000030h]3_2_0174E5E7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175C5ED mov eax, dword ptr fs:[00000030h]3_2_0175C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175C5ED mov eax, dword ptr fs:[00000030h]3_2_0175C5ED
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017265D0 mov eax, dword ptr fs:[00000030h]3_2_017265D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175A5D0 mov eax, dword ptr fs:[00000030h]3_2_0175A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175A5D0 mov eax, dword ptr fs:[00000030h]3_2_0175A5D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E5CF mov eax, dword ptr fs:[00000030h]3_2_0175E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E5CF mov eax, dword ptr fs:[00000030h]3_2_0175E5CF
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017445B1 mov eax, dword ptr fs:[00000030h]3_2_017445B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017445B1 mov eax, dword ptr fs:[00000030h]3_2_017445B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A05A7 mov eax, dword ptr fs:[00000030h]3_2_017A05A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A05A7 mov eax, dword ptr fs:[00000030h]3_2_017A05A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A05A7 mov eax, dword ptr fs:[00000030h]3_2_017A05A7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E59C mov eax, dword ptr fs:[00000030h]3_2_0175E59C
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01722582 mov eax, dword ptr fs:[00000030h]3_2_01722582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01722582 mov ecx, dword ptr fs:[00000030h]3_2_01722582
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01754588 mov eax, dword ptr fs:[00000030h]3_2_01754588
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174A470 mov eax, dword ptr fs:[00000030h]3_2_0174A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174A470 mov eax, dword ptr fs:[00000030h]3_2_0174A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174A470 mov eax, dword ptr fs:[00000030h]3_2_0174A470
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017AC460 mov ecx, dword ptr fs:[00000030h]3_2_017AC460
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017DA456 mov eax, dword ptr fs:[00000030h]3_2_017DA456
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0171645D mov eax, dword ptr fs:[00000030h]3_2_0171645D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0174245A mov eax, dword ptr fs:[00000030h]3_2_0174245A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E443 mov eax, dword ptr fs:[00000030h]3_2_0175E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E443 mov eax, dword ptr fs:[00000030h]3_2_0175E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E443 mov eax, dword ptr fs:[00000030h]3_2_0175E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E443 mov eax, dword ptr fs:[00000030h]3_2_0175E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E443 mov eax, dword ptr fs:[00000030h]3_2_0175E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E443 mov eax, dword ptr fs:[00000030h]3_2_0175E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E443 mov eax, dword ptr fs:[00000030h]3_2_0175E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175E443 mov eax, dword ptr fs:[00000030h]3_2_0175E443
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0175A430 mov eax, dword ptr fs:[00000030h]3_2_0175A430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0171E420 mov eax, dword ptr fs:[00000030h]3_2_0171E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0171E420 mov eax, dword ptr fs:[00000030h]3_2_0171E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0171E420 mov eax, dword ptr fs:[00000030h]3_2_0171E420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_0171C427 mov eax, dword ptr fs:[00000030h]3_2_0171C427
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A6420 mov eax, dword ptr fs:[00000030h]3_2_017A6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A6420 mov eax, dword ptr fs:[00000030h]3_2_017A6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A6420 mov eax, dword ptr fs:[00000030h]3_2_017A6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A6420 mov eax, dword ptr fs:[00000030h]3_2_017A6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A6420 mov eax, dword ptr fs:[00000030h]3_2_017A6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A6420 mov eax, dword ptr fs:[00000030h]3_2_017A6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017A6420 mov eax, dword ptr fs:[00000030h]3_2_017A6420
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01758402 mov eax, dword ptr fs:[00000030h]3_2_01758402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01758402 mov eax, dword ptr fs:[00000030h]3_2_01758402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01758402 mov eax, dword ptr fs:[00000030h]3_2_01758402
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017204E5 mov ecx, dword ptr fs:[00000030h]3_2_017204E5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017544B0 mov ecx, dword ptr fs:[00000030h]3_2_017544B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017AA4B0 mov eax, dword ptr fs:[00000030h]3_2_017AA4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017264AB mov eax, dword ptr fs:[00000030h]3_2_017264AB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017DA49A mov eax, dword ptr fs:[00000030h]3_2_017DA49A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01728770 mov eax, dword ptr fs:[00000030h]3_2_01728770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730770 mov eax, dword ptr fs:[00000030h]3_2_01730770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730770 mov eax, dword ptr fs:[00000030h]3_2_01730770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730770 mov eax, dword ptr fs:[00000030h]3_2_01730770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730770 mov eax, dword ptr fs:[00000030h]3_2_01730770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730770 mov eax, dword ptr fs:[00000030h]3_2_01730770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730770 mov eax, dword ptr fs:[00000030h]3_2_01730770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730770 mov eax, dword ptr fs:[00000030h]3_2_01730770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730770 mov eax, dword ptr fs:[00000030h]3_2_01730770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730770 mov eax, dword ptr fs:[00000030h]3_2_01730770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730770 mov eax, dword ptr fs:[00000030h]3_2_01730770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730770 mov eax, dword ptr fs:[00000030h]3_2_01730770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01730770 mov eax, dword ptr fs:[00000030h]3_2_01730770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01720750 mov eax, dword ptr fs:[00000030h]3_2_01720750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762750 mov eax, dword ptr fs:[00000030h]3_2_01762750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_01762750 mov eax, dword ptr fs:[00000030h]3_2_01762750
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exeCode function: 3_2_017AE75D mov eax, dword ptr fs:[00000030h]3_2_017AE75D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe; Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe; Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe; Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: Amcache.hve.6.dr; Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.6.dr; Binary or memory string: msmpeng.exe
          Source: Amcache.hve.6.dr; Binary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.6.dr; Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
          Source: Amcache.hve.6.dr; Binary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          Source: Yara match, File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000002.1500085807.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match, File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000002.1500085807.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 31 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement


          Source | Detection | Scanner | Label | Link
          SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe | 39% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
          SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe | 100% | Joe Sandbox ML
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          http://upx.sf.net | 0% | URL Reputation | safe
          No contacted domains info
          Name | Source | Malicious | Antivirus Detection | Reputation
          http://upx.sf.net | Amcache.hve.6.dr | false | URL Reputation: safe | unknown
          No contacted IP infos
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1546602
          Start date and time:2024-11-01 08:23:07 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 6m 1s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:12
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe
          Detection:MAL
          Classification:mal80.troj.evad.winEXE@4/6@0/0
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 98%
          • Number of executed functions: 42
          • Number of non-executed functions: 282
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 20.42.65.92, 20.42.73.29
          • Excluded domains from analysis (whitelisted): fs.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, otelrules.azureedge.net, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • VT rate limit hit for: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe
          Time | Type | Description
          03:23:56 | API Interceptor | 2x Sleep call for process: SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe modified
          03:24:14 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
          No context
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.6647753896098305
          Encrypted:false
          SSDEEP:192:6sdqMA7MQN50BU/H3W37jlzuiFiZ24IO8w31:Nq3MPBU/IjlzuiFiY4IO8S
          MD5:45B27B4C61C704404A1538A22BA85781
          SHA1:3CBBDBE8A9392010EFD9870D951EDFD52EB1E70C
          SHA-256:5618DD5A39ECA9EFE5A290EA4437F875A35B7EEA4AE6E07229703DA779DEADDF
          SHA-512:7D52D687C00D74A032B62F74D6E24301685F71D5C8CF9E0ECEAFCA8A77DEC971497D10CC3C148F62E360E245E8F66622122327A024E19FC79C65E179F9C282F8
          Malicious:false
          Reputation:low
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:Mini DuMP crash report, 14 streams, Fri Nov 1 07:24:09 2024, 0x1205a4 type
          Category:dropped
          Size (bytes):24278
          Entropy (8bit):1.847759794441937
          Encrypted:false
          SSDEEP:96:5N8owkLpyizy/b8EqNdhZi75dhyYYncpqyESBzWa7bk5WIkWIEzI5fCiAn81a:Uo/0tD0LZO5L9X5E6Sa7bk2qiAV
          MD5:10446A4C58623B46CD9201818BD11169
          SHA1:20D09AE249B85A58EC3D74F7449F2A1892A81381
          SHA-256:4FC9532DA355A6771A39B745B6F54331D5F216ABACD49097BBDE2B6E31466A9A
          SHA-512:BDA71A4D47F5747975947BEB622DB1304C57E7A72F81E488E414174B6B3D7EC354AF9275B6E37C6E2E5B200DD066AD69F8EBE1DFF3FE8C10F79F104B77F4023E
          Malicious:false
          Reputation:low
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):6486
          Entropy (8bit):3.726208763185519
          Encrypted:false
          SSDEEP:192:R6l7wVeJyWo6OFY+j9PRTprO89bHwsfVtm:R6lXJU6OFY8pHDfe
          MD5:3446DE32233F406347D887CE0AE1BB75
          SHA1:75FD45B56A148300A45836648C35CEF85F89B716
          SHA-256:26AE904EA231B08CC06475307958B9A634F060BA9689C932AB57D2A669E3FD1A
          SHA-512:AD17943C49C5E871C4245FA9A192304B5E292011F334126C217755A57A9EBC952662299C029494327D662CBD1E1E3C20CC6C5E3420BB1869FF4D05AD9CFCA421
          Malicious:false
          Reputation:low
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):4869
          Entropy (8bit):4.572045871622512
          Encrypted:false
          SSDEEP:48:cvIwWl8zs2Jg77aI9s/WpW8VYF7Ym8M4JEyVy+CSZy3BYFO+q81ysaay5hxoB1hD:uIjfMI72u7V2eJEJDT7I1hV+Ard
          MD5:7F2A35DA74CB4A45AECE5514BECF3B03
          SHA1:A334EBC9D8DDEE581CE87379DADCC66A94EF7FFB
          SHA-256:3C8037A166C1C1B83764AB825D455D6F48298CDB8F8AD635BF6C1639F3B3D7C9
          SHA-512:31A8138C5E663D8A1BC1BDC2EE6AAA7C8BB0C233D3EB09380F524DA5BD57A0AB8FAF37E281DF4D398BF56A9C3BEF0337B17D1970C90E635166DA14D1B6A011F3
          Malicious:false
          Reputation:low
          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="568706" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1216
          Entropy (8bit):5.34331486778365
          Encrypted:false
          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
          MD5:1330C80CAAC9A0FB172F202485E9B1E8
          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
          Malicious:true
          Reputation:high, very likely benign file
          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
          Process:C:\Windows\SysWOW64\WerFault.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):1835008
          Entropy (8bit):4.394318064521994
          Encrypted:false
          SSDEEP:6144:tl4fiJoH0ncNXiUjt10q8G/gaocYGBoaUMMhA2NX4WABlBuNALOBSqa:j4vF8MYQUMM6VFYSLU
          MD5:4F015F455F121DFF3EF3CBDDB6EB10BD
          SHA1:D191D26AC08CFC0000DB1DA405CD397EB5B727E3
          SHA-256:52DCE9FFE61B1A3AEAF96DE05F7213ECC19FB09068A1735629292304AFC7BA9E
          SHA-512:6AA7B5208BA1C6BB5F9A6361311CABEBA864C9B00D82CD89EA8B2A0CB1925AD7DF17EAB977147FF81CF9D974FE7B8A4C8E9E9ADCE83FCCED3552F89602940717
          Malicious:false
          Reputation:low
          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Entropy (8bit):7.091643210006368
          TrID:
          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          • Win32 Executable (generic) a (10002005/4) 49.78%
          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
          • Generic Win/DOS Executable (2004/3) 0.01%
          • DOS Executable Generic (2002/1) 0.01%
          File name:SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe
          File size:1'049'600 bytes
          MD5:e9dd7735e683f61b80c4bddfcffaee1d
          SHA1:1a49c2fb7733bfe1833aa1164ae39f096cc9dc0f
          SHA256:2d34439b88bca48219791ac13393ba7a2a7c7b3d80d6ad25fa7fb1967ae4fd44
          SHA512:fb67cc88b8e40b9471a6a16686bdca65f033fc0eb316192b140cceda2c1b9b3d046af4f827585896a46da50bfdfb65bbd56a72a2cfbb1857ecdc426295810068
          SSDEEP:24576:2jfVLijKZXgeVgFwZJ83NWMspiT3suPb+4:2jfVWjK5geVGwZ+ELIf9
          TLSH:99257BE076A2E736DC5D2770B018CD7C92611E2870D475922EE93FAB3DBE2919938F11
          Icon Hash:b5b58182aaa8aa82
          Entrypoint:0x50072a
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0x67245A88 [Fri Nov 1 04:35:20 2024 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
          Instruction
          jmp dword ptr [00402000h]
          push ebx
          add byte ptr [ecx+00h], bh
          jnc 00007FC4C4E6C462h
          je 00007FC4C4E6C462h
          add byte ptr [ebp+00h], ch
          add byte ptr [ecx+00h], al
          arpl word ptr [eax], ax
          je 00007FC4C4E6C462h
          imul eax, dword ptr [eax], 00610076h
          je 00007FC4C4E6C462h
          outsd
          add byte ptr [edx+00h], dh
          dec ebp
          add byte ptr [ebp+00h], ah
          insd
          add byte ptr [edi+00h], ch
          jc 00007FC4C4E6C462h
          imul eax, dword ptr [eax], 00000000h
          add byte ptr [eax], al
          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1006d8 | 0x4f | .text
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x102000 | 0x1618 | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x104000 | 0xc | .reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x2000 | 0xfe760 | 0xfe800 | 3f2cc9372add4bc7659001cd7265640e | False | 0.7351472326252456 | data | 7.095259259275497 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rsrc | 0x102000 | 0x1618 | 0x1800 | dab8ea15c945a6536342d1816ff27610 | False | 0.7291666666666666 | data | 6.793928267063121 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc | 0x104000 | 0xc | 0x200 | 852db60556c05c910ce67c89fd823cd5 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
          RT_ICON | 0x1020c8 | 0x1218 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.8698186528497409
          RT_GROUP_ICON | 0x1032f0 | 0x14 | data | | | 1.05
          RT_VERSION | 0x103314 | 0x300 | MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4" | | | 0.453125
          DLL | Import
          mscoree.dll | _CorExeMain
          No network behavior found


          Target ID:0
          Start time:03:23:55
          Start date:01/11/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe"
          Imagebase:0xc90000
          File size:1'049'600 bytes
          MD5 hash:E9DD7735E683F61B80C4BDDFCFFAEE1D
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:3
          Start time:03:23:58
          Start date:01/11/2024
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.15779.29510.exe"
          Imagebase:0xb70000
          File size:1'049'600 bytes
          MD5 hash:E9DD7735E683F61B80C4BDDFCFFAEE1D
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1500085807.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
          Reputation:low
          Has exited:true

          Target ID:6
          Start time:03:24:09
          Start date:01/11/2024
          Path:C:\Windows\SysWOW64\WerFault.exe
          Wow64 process (32bit):true
          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 200
          Imagebase:0xde0000
          File size:483'680 bytes
          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high
          Has exited:true


            Execution Graph

            Execution Coverage:8.7%
            Dynamic/Decrypted Code Coverage:100%
            Signature Coverage:0%
            Total number of Nodes:197
            Total number of Limit Nodes:8
            APIs
            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 077A7CEE
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateProcess
            • String ID:
            • API String ID: 963392458-0
            APIs
            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 077A7CEE
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CreateProcess
            • String ID:
            • API String ID: 963392458-0
            APIs
            • GetModuleHandleW.KERNELBASE(00000000), ref: 016BB13E
            Memory Dump Source
            • Source File: 00000000.00000002.1341187162.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_16b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            APIs
            • CreateActCtxA.KERNEL32(?), ref: 016B59A9
            Memory Dump Source
            • Source File: 00000000.00000002.1341187162.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_16b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            APIs
            • CreateActCtxA.KERNEL32(?), ref: 016B59A9
            Memory Dump Source
            • Source File: 00000000.00000002.1341187162.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_16b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Create
            • String ID:
            • API String ID: 2289755597-0
            APIs
            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 077A78C0
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessWrite
            • String ID:
            • API String ID: 3559483778-0
            APIs
            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 077A79A0
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessRead
            • String ID:
            • API String ID: 1726664587-0
            APIs
            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 077A78C0
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessWrite
            • String ID:
            • API String ID: 3559483778-0
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,016BD4A6,?,?,?,?,?), ref: 016BD567
            Memory Dump Source
            • Source File: 00000000.00000002.1341187162.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_16b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            APIs
            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077A72DE
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ContextThreadWow64
            • String ID:
            • API String ID: 983334009-0
            APIs
            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077A72DE
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ContextThreadWow64
            • String ID:
            • API String ID: 983334009-0
            APIs
            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 077A79A0
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MemoryProcessRead
            • String ID:
            • API String ID: 1726664587-0
            APIs
            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,016BD4A6,?,?,?,?,?), ref: 016BD567
            Memory Dump Source
            • Source File: 00000000.00000002.1341187162.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_16b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: DuplicateHandle
            • String ID:
            • API String ID: 3793708945-0
            APIs
            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 077A77DE
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID:
            • API String ID: 4275171209-0
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ResumeThread
            • String ID:
            • API String ID: 947044025-0
            APIs
            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 077A77DE
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: AllocVirtual
            • String ID:
            • API String ID: 4275171209-0
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ResumeThread
            • String ID:
            • API String ID: 947044025-0
            APIs
            • PostMessageW.USER32(?,00000010,00000000,?), ref: 077A9D15
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            APIs
            • PostMessageW.USER32(?,00000010,00000000,?), ref: 077A9D15
            Memory Dump Source
            • Source File: 00000000.00000002.1345266454.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_77a0000_SecuriteInfo.jbxd
            Similarity
            • API ID: MessagePost
            • String ID:
            • API String ID: 410705778-0
            APIs
            • GetModuleHandleW.KERNELBASE(00000000), ref: 016BB13E
            Memory Dump Source
            • Source File: 00000000.00000002.1341187162.00000000016B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016B0000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_16b0000_SecuriteInfo.jbxd
            Similarity
            • API ID: HandleModule
            • String ID:
            • API String ID: 4139908857-0
            APIs
            • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,05B06D19,?,?), ref: 05B06EC0
            Memory Dump Source
            • Source File: 00000000.00000002.1344440027.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5b00000_SecuriteInfo.jbxd
            Similarity
            • API ID: CloseHandle
            • String ID:
            • API String ID: 2962429428-0
            • Opcode ID: 140b5ecd4410c7471d2fd715f3b381323f45a56815c2f6b48beaa648a24ab8b4
            • Instruction ID: e221de3de1c13d804ef7781ed1e86f3173ad2d331b0ae43ac881a9bf3f8394a3
            • Opcode Fuzzy Hash: 140b5ecd4410c7471d2fd715f3b381323f45a56815c2f6b48beaa648a24ab8b4
            • Instruction Fuzzy Hash: 4D1125B5804349CFDB20DF9AC444BEEBBF4EB48320F10846AD559A7740D778A944CFA5
            APIs
            • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,05B06D19,?,?), ref: 05B06EC0
            Memory Dump Source
            • Source File: 00000000.00000002.1344440027.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5b00000_SecuriteInfo.jbxd
            Similarity
            • API ID: CloseHandle
            • String ID:
            • API String ID: 2962429428-0
            • Opcode ID: 01b455db7eef93c1b0a77b26f83f43394cdf3593dda6e94c5808827fa9dcde65
            • Instruction ID: f1e8646b35b0a8b558b83040624d809534cd0fc97247e1dbcb56291d8b352513
            • Opcode Fuzzy Hash: 01b455db7eef93c1b0a77b26f83f43394cdf3593dda6e94c5808827fa9dcde65
            • Instruction Fuzzy Hash: B31113B68043498FDB10CF99D545BDEBBF4EB48220F24845AD558A7640D378A584CFA5
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1344440027.0000000005B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B00000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_5b00000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: _m
            • API String ID: 0-3239995906
            • Opcode ID: d1f1131f0039fa76b1222c3aaff59daf5a5d6ddbaa2efbf067d2f2e0ddaafa56
            • Instruction ID: ef2a169f208fa7ee1ba590a6e4bee9f0e8859154c39eaa672c93d5dd7cb65183
            • Opcode Fuzzy Hash: d1f1131f0039fa76b1222c3aaff59daf5a5d6ddbaa2efbf067d2f2e0ddaafa56
            • Instruction Fuzzy Hash: F3C15C30A002548FDF24DF65C984BAEBBB2FF89300F14D5A9D549AB295EB34A985CF50

            Execution Graph

            Execution Coverage:0.6%
            Dynamic/Decrypted Code Coverage:5.4%
            Signature Coverage:5.4%
            Total number of Nodes:74
            Total number of Limit Nodes:9

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 113 42c433-42c46c call 404713 call 42d6b3 NtClose
            APIs
            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C467
            Memory Dump Source
            • Source File: 00000003.00000002.1500085807.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: Close
            • String ID:
            • API String ID: 3535843008-0
            • Opcode ID: f104d03abdedf1f8787786e7aaafcefc6a5242dd07684567bd9e54fffbad41ec
            • Instruction ID: 37a102a096cf0697ac499042812ebe3be0a6e3a94df1b2a833282852239f11ec
            • Opcode Fuzzy Hash: f104d03abdedf1f8787786e7aaafcefc6a5242dd07684567bd9e54fffbad41ec
            • Instruction Fuzzy Hash: 7DE04F766002147BD620BA5AEC41F97775CDFC5714F00801AFA0867282C675791087F5

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 122 1762df0-1762dfc LdrInitializeThunk
            APIs
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 340241332a4b44b69e3a1e6ccc4aa3503a2deb70cbfd23ec5af99b7da23d5624
            • Instruction ID: cea4abfb9cc1eb233845dc36da57caeb39240fba3e9cd19a742e2b05b132e912
            • Opcode Fuzzy Hash: 340241332a4b44b69e3a1e6ccc4aa3503a2deb70cbfd23ec5af99b7da23d5624
            • Instruction Fuzzy Hash: C890023120550413D61171588508707400997D0241F96C432A0424568DD6568B52A222

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 103 42c763-42c7a7 call 404713 call 42d6b3 RtlAllocateHeap
            APIs
            • RtlAllocateHeap.NTDLL(?,0041E354,?,?,00000000,?,0041E354,?,?,?), ref: 0042C7A2
            Memory Dump Source
            • Source File: 00000003.00000002.1500085807.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: AllocateHeap
            • String ID:
            • API String ID: 1279760036-0
            • Opcode ID: 8e8f804e6e2566f97d4133197ec8a822201c655ac3a2fa4d2fbee59e578fcff7
            • Instruction ID: 8478ad7e8697ef7acc63e2c8c0b0e70c508952faf178b19bb78cdc86ac20e0b7
            • Opcode Fuzzy Hash: 8e8f804e6e2566f97d4133197ec8a822201c655ac3a2fa4d2fbee59e578fcff7
            • Instruction Fuzzy Hash: 18E06DB27042047FD610EE59EC45F9B73ACEFC5714F004019F908A7282D770B9108AB5

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 108 42c7b3-42c7f4 call 404713 call 42d6b3 RtlFreeHeap
            APIs
            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,9403D333,00000007,00000000,00000004,00000000,00416E48,000000F4), ref: 0042C7EF
            Memory Dump Source
            • Source File: 00000003.00000002.1500085807.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID: FreeHeap
            • String ID:
            • API String ID: 3298025750-0
            • Opcode ID: 27bbdd54da5c965e61241d10b6020c612638fb223b0637cadf89fda0c63e04a5
            • Instruction ID: 0103aceadb78e79b7ecc8faacede7f1e09fa23b9d57152ecbc1c1368217fcbeb
            • Opcode Fuzzy Hash: 27bbdd54da5c965e61241d10b6020c612638fb223b0637cadf89fda0c63e04a5
            • Instruction Fuzzy Hash: 6DE06DB17002047BD610EE59EC81F9B33ADDFC5710F004019FE08A7241D671B9108AB9

            Control-flow Graph

            • Executed
            • Not Executed
            control_flow_graph 118 1762c0a-1762c0f 119 1762c11-1762c18 118->119 120 1762c1f-1762c26 LdrInitializeThunk 118->120
            APIs
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: f047e2743a81a55474f904c50166ff3456fee598ec76de90ea3facf75c6a067b
            • Instruction ID: 5fb6751b7ade4547c1a463c2ba43b53395e6f5b85dd39afc6bceeb6f3afdd017
            • Opcode Fuzzy Hash: f047e2743a81a55474f904c50166ff3456fee598ec76de90ea3facf75c6a067b
            • Instruction Fuzzy Hash: 86B09B719055C5C9DF52F764460C717B90477D0701F16C071D6030651F4738C1D1E276
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2160512332
            • Opcode ID: 8fe6c26c4ef9606fa69702e7f462ca7b353f04abcab65f2c125a845cd26a72b4
            • Instruction ID: b05875a2a1c3661bfa0dce776f2dfb8ca35786420657c314be24f075a91f212e
            • Opcode Fuzzy Hash: 8fe6c26c4ef9606fa69702e7f462ca7b353f04abcab65f2c125a845cd26a72b4
            • Instruction Fuzzy Hash: 4A926C71608342AFE721DF28C884B6BF7E8BB84754F444A2DFA94D7252D770E944CB92
            Strings
            • Critical section address., xrefs: 01795502
            • Critical section address, xrefs: 01795425, 017954BC, 01795534
            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017954CE
            • corrupted critical section, xrefs: 017954C2
            • 8, xrefs: 017952E3
            • Thread identifier, xrefs: 0179553A
            • Thread is in a state in which it cannot own a critical section, xrefs: 01795543
            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0179540A, 01795496, 01795519
            • Critical section debug info address, xrefs: 0179541F, 0179552E
            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017954E2
            • double initialized or corrupted critical section, xrefs: 01795508
            • Address of the debug info found in the active list., xrefs: 017954AE, 017954FA
            • undeleted critical section in freed memory, xrefs: 0179542B
            • Invalid debug info address of this critical section, xrefs: 017954B6
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
            • API String ID: 0-2368682639
            • Opcode ID: 82bf5b950202e646c90747a88940045a49bfb3b9c8e36785cd192feaba66c56c
            • Instruction ID: 059fa58a12d8bf5706f9680aeb64cb80ed48328f530afd5896dd40283c1ae5c8
            • Opcode Fuzzy Hash: 82bf5b950202e646c90747a88940045a49bfb3b9c8e36785cd192feaba66c56c
            • Instruction Fuzzy Hash: 00819DB1A00358EFEF21CF99C855BAEFBF5AB48704F20415AF904B7291D3B1A944CB61
            Strings
            • @, xrefs: 0179259B
            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01792409
            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01792506
            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01792602
            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017922E4
            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01792498
            • RtlpResolveAssemblyStorageMapEntry, xrefs: 0179261F
            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01792412
            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017924C0
            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017925EB
            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01792624
            Similarity
            • API ID:
            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
            • API String ID: 0-4009184096
            Strings
            Similarity
            • API ID:
            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
            • API String ID: 0-2515994595
            Strings
            Similarity
            • API ID:
            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
            • API String ID: 0-1700792311
            Strings
            • VerifierDlls, xrefs: 017A8CBD
            • VerifierFlags, xrefs: 017A8C50
            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 017A8A3D
            • HandleTraces, xrefs: 017A8C8F
            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 017A8A67
            • VerifierDebug, xrefs: 017A8CA5
            • AVRF: -*- final list of providers -*- , xrefs: 017A8B8F
            Similarity
            • API ID:
            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
            • API String ID: 0-3223716464
            Strings
            Similarity
            • API ID:
            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
            • API String ID: 0-792281065
            Strings
            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01779A01
            • minkernel\ntdll\ldrinit.c, xrefs: 01779A11, 01779A3A
            • apphelp.dll, xrefs: 01716496
            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01779A2A
            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017799ED
            • LdrpInitShimEngine, xrefs: 017799F4, 01779A07, 01779A30
            Similarity
            • API ID:
            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-204845295
            Strings
            • SXS: %s() passed the empty activation context, xrefs: 01792165
            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01792180
            • RtlGetAssemblyStorageRoot, xrefs: 01792160, 0179219A, 017921BA
            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01792178
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017921BF
            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0179219F
            Similarity
            • API ID:
            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
            • API String ID: 0-861424205
            Strings
            • Unable to build import redirection Table, Status = 0x%x, xrefs: 017981E5
            • LdrpInitializeProcess, xrefs: 0175C6C4
            • minkernel\ntdll\ldrinit.c, xrefs: 0175C6C3
            • Loading import redirection DLL: '%wZ', xrefs: 01798170
            • LdrpInitializeImportRedirection, xrefs: 01798177, 017981EB
            • minkernel\ntdll\ldrredirect.c, xrefs: 01798181, 017981F5
            Similarity
            • API ID:
            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-475462383
            APIs
              • Part of subcall function 01762DF0: LdrInitializeThunk.NTDLL ref: 01762DFA
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760BA3
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760BB6
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760D60
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760D74
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
            • String ID:
            • API String ID: 1404860816-0
            Strings
            Similarity
            • API ID:
            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
            • API String ID: 0-379654539
            Strings
            • LdrpInitializeProcess, xrefs: 01758422
            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0175855E
            • minkernel\ntdll\ldrinit.c, xrefs: 01758421
            • @, xrefs: 01758591
            Similarity
            • API ID:
            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1918872054
            Strings
            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017921D9, 017922B1
            • SXS: %s() passed the empty activation context, xrefs: 017921DE
            • .Local, xrefs: 017528D8
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017922B6
            Similarity
            • API ID:
            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
            • API String ID: 0-1239276146
            Strings
            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01793437
            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01793456
            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0179342A
            • RtlDeactivateActivationContext, xrefs: 01793425, 01793432, 01793451
            Similarity
            • API ID:
            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
            • API String ID: 0-1245972979
            Strings
            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01780FE5
            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01781028
            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017810AE
            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0178106B
            Similarity
            • API ID:
            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
            • API String ID: 0-1468400865
            Strings
            • LdrpDynamicShimModule, xrefs: 0178A998
            • minkernel\ntdll\ldrinit.c, xrefs: 0178A9A2
            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0178A992
            • apphelp.dll, xrefs: 01742462
            Similarity
            • API ID:
            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
            • API String ID: 0-176724104
            Strings
            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0173327D
            • HEAP[%wZ]: , xrefs: 01733255
            • HEAP: , xrefs: 01733264
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
            • API String ID: 0-617086771
            Strings
            Similarity
            • API ID:
            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-4253913091
            Strings
            Similarity
            • API ID:
            • String ID: $@
            • API String ID: 0-1077428164
            Strings
            Similarity
            • API ID:
            • String ID: FilterFullPath$UseFilter$\??\
            • API String ID: 0-2779062949
            Strings
            • Failed to allocated memory for shimmed module list, xrefs: 0178A10F
            • minkernel\ntdll\ldrinit.c, xrefs: 0178A121
            • LdrpCheckModule, xrefs: 0178A117
            Similarity
            • API ID:
            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
            • API String ID: 0-161242083
            Strings
            Similarity
            • API ID:
            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-1334570610
            Strings
            • Failed to reallocate the system dirs string !, xrefs: 017982D7
            • LdrpInitializePerUserWindowsDirectory, xrefs: 017982DE
            • minkernel\ntdll\ldrinit.c, xrefs: 017982E8
            Similarity
            • API ID:
            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
            • API String ID: 0-1783798831
            Strings
            • @, xrefs: 017DC1F1
            • PreferredUILanguages, xrefs: 017DC212
            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 017DC1C5
            Similarity
            • API ID:
            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
            • API String ID: 0-2968386058
            Strings
            Similarity
            • API ID:
            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
            • API String ID: 0-1373925480
            Strings
            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 017A4888
            • LdrpCheckRedirection, xrefs: 017A488F
            • minkernel\ntdll\ldrredirect.c, xrefs: 017A4899
            Similarity
            • API ID:
            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
            • API String ID: 0-3154609507
            Strings
            Similarity
            • API ID:
            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-2558761708
            Strings
            • LdrpInitializationFailure, xrefs: 017A20FA
            • minkernel\ntdll\ldrinit.c, xrefs: 017A2104
            • Process initialization failed with status 0x%08lx, xrefs: 017A20F3
            Similarity
            • API ID:
            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
            • API String ID: 0-2986994758
            • Opcode ID: 36f83d614d1e48cce970d1b8153e00c22428edc27ec49dbff6a4bc9c7bbd808a
            • Instruction ID: aba1b627513cf19e9f75397be503d447c436f93d16b0204a25c0910851822c3b
            • Opcode Fuzzy Hash: 36f83d614d1e48cce970d1b8153e00c22428edc27ec49dbff6a4bc9c7bbd808a
            • Instruction Fuzzy Hash: 3FF0FC76780309BBE725D64CDC5AF99B7ACFB81B54F90046DFB00772C6D5B0A640CA51
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: #%u
            • API String ID: 48624451-232158463
            • Opcode ID: 90bbda21c5f6cc3c504df7270ca4d87435bcc0373c26f78fab9371f111f3799a
            • Instruction ID: c6dae95a90671388209164b7f2a108ee5cbe164f6dc5b3dfb6bb940baae24d97
            • Opcode Fuzzy Hash: 90bbda21c5f6cc3c504df7270ca4d87435bcc0373c26f78fab9371f111f3799a
            • Instruction Fuzzy Hash: 8D715971A0014A9FDB11DFA8C994FAEFBF8BF48704F144065E905E7256EA78EE41CB60
            Strings
            • LdrResSearchResource Enter, xrefs: 0172AA13
            • LdrResSearchResource Exit, xrefs: 0172AA25
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
            • API String ID: 0-4066393604
            • Opcode ID: f0851d7fa35336b496b1da40b739ea430652871fa4fece9d03b7337824f811df
            • Instruction ID: 5c86fc2b37721d00ee9ebf37d6f4eb1811ad5a57431af5b2108e2b5e93df3245
            • Opcode Fuzzy Hash: f0851d7fa35336b496b1da40b739ea430652871fa4fece9d03b7337824f811df
            • Instruction Fuzzy Hash: 0BE17E71E40269AFEB22DE9CC984BAEFBBAFF14710F10446AE901E7651D734D942CB50
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: `$`
            • API String ID: 0-197956300
            • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
            • Instruction ID: bed465f9165ee9c69c1ca7c9f8acdab98f908a023f900b2423c7336cc770c5a9
            • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
            • Instruction Fuzzy Hash: FAC1C1312043429BEB25CF28C849B6BFBE5AFD8318F184A2DF696CB291D774D505CB52
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Legacy$UEFI
            • API String ID: 2994545307-634100481
            • Opcode ID: c5e99d15303baae47ca3e29a68afa18a987e7220b2fd1f58a5966dfbbbd3f3b9
            • Instruction ID: 065c3699c00c5f04cb40dc7058710cceebe46d6c75e7407d6f24422f1acb81e7
            • Opcode Fuzzy Hash: c5e99d15303baae47ca3e29a68afa18a987e7220b2fd1f58a5966dfbbbd3f3b9
            • Instruction Fuzzy Hash: 5C615871E407199FDB24DFA8D844BAEFBB9FB48700F14406DE649EB291DB31A944CB50
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: @$MUI
            • API String ID: 0-17815947
            • Opcode ID: fe58a87666f7d0f49e15d3bfe93412df10a64a712559aedc44cbf0d7de2e8249
            • Instruction ID: f8de8f86df775d5018cd26ca86befbc7f8d8503946e7820aa37758b90c3312ba
            • Opcode Fuzzy Hash: fe58a87666f7d0f49e15d3bfe93412df10a64a712559aedc44cbf0d7de2e8249
            • Instruction Fuzzy Hash: 75511871E0021DAEDB11DFA9CC94AEEFBBCEB54B54F100529EA11B7290D7309A05CB60
            Strings
            • kLsE, xrefs: 01720540
            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0172063D
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
            • API String ID: 0-2547482624
            • Opcode ID: 6436ab65d4ed9c6f0ddd396acf2115b528fe362207e74a95b852018dc95dfaa4
            • Instruction ID: e28f8e93adf7a3a0787b8c05ee6ac45ee5116a9e94557eb56b6f5c8948f07373
            • Opcode Fuzzy Hash: 6436ab65d4ed9c6f0ddd396acf2115b528fe362207e74a95b852018dc95dfaa4
            • Instruction Fuzzy Hash: 53519C715047528FD734DF69C544AA7FBE4AF84304F20483EFAAA87241E7749546CFA2
            Strings
            • RtlpResUltimateFallbackInfo Exit, xrefs: 0172A309
            • RtlpResUltimateFallbackInfo Enter, xrefs: 0172A2FB
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
            • API String ID: 0-2876891731
            • Opcode ID: 7f86f1ca255b65a9fa8c5f8a96d389c9e2a2c75443de88b8eb20294f0901387d
            • Instruction ID: a97f029b315711bd60d75fbc3a913aacd86ffe127a9ecfaecc8e1e0fdcdc8ea5
            • Opcode Fuzzy Hash: 7f86f1ca255b65a9fa8c5f8a96d389c9e2a2c75443de88b8eb20294f0901387d
            • Instruction Fuzzy Hash: 2C41CC31A01669DBDB21DF69C844B6EFBB4FF84700F2440A9E900DB693E2B5D941CB90
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID: Cleanup Group$Threadpool!
            • API String ID: 2994545307-4008356553
            • Opcode ID: 1c30285a0538e7fc8715f07f6d864b96811073b7a29afebc4c834441be576b85
            • Instruction ID: bee52fb0c18b88431526460da0bd155e611e97da8c9603a898ac1adce85c60f2
            • Opcode Fuzzy Hash: 1c30285a0538e7fc8715f07f6d864b96811073b7a29afebc4c834441be576b85
            • Instruction Fuzzy Hash: 2001F4B2640740AFD351DF24CD49F16B7E8EB94715F058A3DAA49C7190E3B4D904CB56
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: MUI
            • API String ID: 0-1339004836
            • Opcode ID: 1dbb93d224046157780ce912050a169358675ca603c0fac296a0ff84d89b52c1
            • Instruction ID: 334f0514766d71f5b8d0de6f656e11b61c361e683e0fd138e9c2815f41c2e950
            • Opcode Fuzzy Hash: 1dbb93d224046157780ce912050a169358675ca603c0fac296a0ff84d89b52c1
            • Instruction Fuzzy Hash: DC826B75E002288FEB25CFA9C884BEDFBB5FF58310F148169D959AB355D7309982CB50
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: 80afecf5ce689db4cbf6bbfc53c9aa34c1b6e98d144cf924243cc296c8425e95
            • Instruction ID: e6fd89486bf55db7baa08dd12fdcf986ebaafdc7ff06a4cab2d0b80dc0653251
            • Opcode Fuzzy Hash: 80afecf5ce689db4cbf6bbfc53c9aa34c1b6e98d144cf924243cc296c8425e95
            • Instruction Fuzzy Hash: D1919272940219AFEB21DF94CD85FAEFBB8EF58750F540165F600AB195D774AD00CBA0
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID: 0-3916222277
            • Opcode ID: 5e2dc08243945d72dbb1970f71d5b313dc090f16e32d314ad1eaaa3bdaf691a9
            • Instruction ID: 78d84c9edf698a3cf8cdf2bc16bb59007bba98319b16c986d52c20030ad652e1
            • Opcode Fuzzy Hash: 5e2dc08243945d72dbb1970f71d5b313dc090f16e32d314ad1eaaa3bdaf691a9
            • Instruction Fuzzy Hash: D6917072901649AFDB22ABA5DC48FAFFF7AEF85B50F10002DF501A7251EB74A901CB51
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: GlobalTags
            • API String ID: 0-1106856819
            • Opcode ID: 78921aa5910605e59f2cb985d8be83f28cce63a6220b54431d3bad1ab8056cf8
            • Instruction ID: b58ee1a6311c1ae20e2d66f15cbf8d822e0e9ea5aff8a023d18d1f09d6bc7bb2
            • Opcode Fuzzy Hash: 78921aa5910605e59f2cb985d8be83f28cce63a6220b54431d3bad1ab8056cf8
            • Instruction Fuzzy Hash: E47160B5E0020A9FDF28CF9CE590AADFBB1BF48710F14826EF905AB245E7719945CB50
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: .mui
            • API String ID: 0-1199573805
            • Opcode ID: 1bba803433581530f2d33e745760bf986e85442fe9e5c9bf16f4102a88465cf5
            • Instruction ID: b43c0b8c344bcb9c09fb3db9db4954580171aa29c2d3c979181e33ba472d20bc
            • Opcode Fuzzy Hash: 1bba803433581530f2d33e745760bf986e85442fe9e5c9bf16f4102a88465cf5
            • Instruction Fuzzy Hash: F5519C72D0022ADBDB10DF9DD854AAEFBB4AF08F50F05416EEA12BB254D3349D01CBA4
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: EXT-
            • API String ID: 0-1948896318
            • Opcode ID: 5cdb6adbe25e606278d503117ec4eaa6dd161ab24c07e5bf5fc972d832897e47
            • Instruction ID: efd5843aef838ffb2ec29d22b7bfa9a209583a2626ee88f5456fd93e4cfea7a7
            • Opcode Fuzzy Hash: 5cdb6adbe25e606278d503117ec4eaa6dd161ab24c07e5bf5fc972d832897e47
            • Instruction Fuzzy Hash: C941A0725083169BD722DA75C844BABFBE8AFC8714F04092DFA84E7181EB74D904C797
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: BinaryHash
            • API String ID: 0-2202222882
            • Opcode ID: 85dbadb722f4fd83cbe14d8cc4a1bd6aef55d60694ad72464c86c9e79917d9ca
            • Instruction ID: e7619280901aa4b5581a27708df533cc6afe36f773f073f6e86c43d4470e76ea
            • Opcode Fuzzy Hash: 85dbadb722f4fd83cbe14d8cc4a1bd6aef55d60694ad72464c86c9e79917d9ca
            • Instruction Fuzzy Hash: 3C4162B1D0022DAEDF21DB50DC84FDEF77CAB44714F0045A5AB08AB145DB709E888FA4
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: #
            • API String ID: 0-1885708031
            • Opcode ID: fac41f26736cfb4a68d0ad763c8fb23dd1e5af034697dfc82880305e9c27bf5c
            • Instruction ID: b3f84210d92c9709e29ef309312cdd939782f527da144a47024e5e49e212d910
            • Opcode Fuzzy Hash: fac41f26736cfb4a68d0ad763c8fb23dd1e5af034697dfc82880305e9c27bf5c
            • Instruction Fuzzy Hash: EB310531A007199BEB22DF69C894BEEFBB8DF45704F144068FA45AB282DB75ED05CB50
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: BinaryName
            • API String ID: 0-215506332
            • Opcode ID: 06985b685cfadeb34c43cc3e69979a438c63ebdc30d7c27b2aed52256df45fe5
            • Instruction ID: a18ef6f5ee8c1b62f4cd8f612f696ce074dd49b5d16868ffe456a716a9411bc3
            • Opcode Fuzzy Hash: 06985b685cfadeb34c43cc3e69979a438c63ebdc30d7c27b2aed52256df45fe5
            • Instruction Fuzzy Hash: F3310336900515AFEF16DB58D845E7FFB74EB80760F014169A905AB291D7309E08EBE0
            Strings
            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 017A895E
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
            • API String ID: 0-702105204
            • Opcode ID: 07db58fffb1655e15748fc6ca74c1823628dc34df3b7eaa3469d37ff5aba1a13
            • Instruction ID: e12fd571fead50e5b09d6e6fd561b46269c75837e558d974914eaf9a1ed8d91a
            • Opcode Fuzzy Hash: 07db58fffb1655e15748fc6ca74c1823628dc34df3b7eaa3469d37ff5aba1a13
            • Instruction Fuzzy Hash: 64012B732002119BE7216B59CC88E96FF69EFC6755B84022CF78506559CB246882CB93
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d57c57ad086b436c519be7d57d252c946d2896a96a573c770c3f4164537dab6e
            • Instruction ID: a5f368aa1bfa2b75356dbcb93521d5be487d48a64e97c7090234dfc637494d4c
            • Opcode Fuzzy Hash: d57c57ad086b436c519be7d57d252c946d2896a96a573c770c3f4164537dab6e
            • Instruction Fuzzy Hash: E571BF71900209EFDB20CF99D944A9AFBFCFF91300F25415AE641AB658E7B28B40CF15
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: aee563ace5e70f639cb2f6206e26ad66452c15be15b649ebb26533c465a5d45d
            • Instruction ID: 64ede4a9d43e2c4c8776c463e272a76c20d326c42b2b838322e17cb93ac57d37
            • Opcode Fuzzy Hash: aee563ace5e70f639cb2f6206e26ad66452c15be15b649ebb26533c465a5d45d
            • Instruction Fuzzy Hash: 3471CB716042429FD322DF28C484B2AF7E5FFC8310F0485AAE8998B757DB34D846CB91
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction ID: 6f4bbc57ea997b1863daee93beaf833129e25b322963f7ded4e9d45393651f05
            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
            • Instruction Fuzzy Hash: E7716D71A00609EFDB10DFA9C988EAEFBB9FF88300F504569E505E7294DB34EA01CB50
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5fd36b5b4cfb346f182f0cba83590ef26ce3fad43fef2cf8747a478ca33de56d
            • Instruction ID: 86fe31cfec967561c788cd64a30b2772b6cd353945bb4fa03daf1c7a7bd32748
            • Opcode Fuzzy Hash: 5fd36b5b4cfb346f182f0cba83590ef26ce3fad43fef2cf8747a478ca33de56d
            • Instruction Fuzzy Hash: AF71E332200B01AFE7329F18C888F96FBA6EF44720F144828F7558B2A1D779E944CB50
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c67eccdd8e8daba4226b04c28e0933677d7227683046c9883cd7bc2cddc61e8b
            • Instruction ID: 8e24ce1bdf70f57ca1710e88f33c1a267ccbef19d2a1b6e68b7812b41f6ed299
            • Opcode Fuzzy Hash: c67eccdd8e8daba4226b04c28e0933677d7227683046c9883cd7bc2cddc61e8b
            • Instruction Fuzzy Hash: 9981AC72A083168FDB24DF98D488BADF7F5BB48311F16416DD900AB386C7759E41CB94
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 616b770dacc7a4f25bd2d30a203f8702eae16c024f4da2aa25c4ab9019c4ede9
            • Instruction ID: 430ce037311a0263942b2d584f864c4a0fce44390ef386e6b4cf8b54b240a585
            • Opcode Fuzzy Hash: 616b770dacc7a4f25bd2d30a203f8702eae16c024f4da2aa25c4ab9019c4ede9
            • Instruction Fuzzy Hash: D2710871E00209AFDF16DF94C845FEFFBB9EF04350F104169AA24AB294E774AA45CB91
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d99ba5b3f8dffae93d65bbc9c83c1bc1ccb726b28a161e63dc642b0c9c5b09c3
            • Instruction ID: 7e7c760fdc4e933b71ab2591a69475b0fa67ec84c26463296f49fa3c24cfd983
            • Opcode Fuzzy Hash: d99ba5b3f8dffae93d65bbc9c83c1bc1ccb726b28a161e63dc642b0c9c5b09c3
            • Instruction Fuzzy Hash: F451AC72504616AFD722DA68C848E5BFBF8FBC5750F000929BA41DB250D774ED048BA2
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 123cd114ba3f6eb79a9d25d7bdb57df7564c05ebcbb6c161817b5c501c7048c4
            • Instruction ID: 659701a041c4fc8b4ed06b0998c71ce3080bb917d4d7dcc17d3356028542e09d
            • Opcode Fuzzy Hash: 123cd114ba3f6eb79a9d25d7bdb57df7564c05ebcbb6c161817b5c501c7048c4
            • Instruction Fuzzy Hash: 3851CF70900705DFD731CF6AC884AABFBF8BF94B10F10461ED296976A1D7B0A645CB91
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6295ad4404ec2931795d474fd11c325c6f62e1397e7379f4b856c76c508a10f5
            • Instruction ID: f1aedb5d03edd368fa0c344efb1790a67cb295b6a1dc0f36f655430255acd864
            • Opcode Fuzzy Hash: 6295ad4404ec2931795d474fd11c325c6f62e1397e7379f4b856c76c508a10f5
            • Instruction Fuzzy Hash: F8518971200A05DFDB62EF69C984EAAF7BDFF54784F400869EA1197261EB34EA44CB50
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 129d25f6da89bbc579a4f78f1783a2280a7b17eff042c23e3a10d3cd0ad505fc
            • Instruction ID: 5b907bebf3eb046c3dbbf77a3882c47f6d415d32169f9e603bd4f2ed638b6215
            • Opcode Fuzzy Hash: 129d25f6da89bbc579a4f78f1783a2280a7b17eff042c23e3a10d3cd0ad505fc
            • Instruction Fuzzy Hash: 2E5156716083029FD754DF29C891A6BFBE5BFC8B18F44492DF98AD7250EB30D9058B52
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction ID: 3820a1da5b28e989bf860933814d1ae4e63b0c10e69c4cbe97c6e8f4513065fe
            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
            • Instruction Fuzzy Hash: DD519F71E0021AABDF16DF98C444BFEFBB9AF49754F044069EA02AB240D734DE45DBA0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction ID: ac6d2eeafeefa50533a42e5977d16edea71d1bcf87e6ae1030769156fbc49461
            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
            • Instruction Fuzzy Hash: F9519671D0021AEFEF219B94C898FAEFB79AF80364F554765E91267190DB309E408BA0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: db00a338fde8402787964195fddf6ffcb28add4f1589bcf391a8eb26641e309d
            • Instruction ID: 932794fc67d18cea46b01bfb3ab67f1986645c212215795d717ef76d4cbe5040
            • Opcode Fuzzy Hash: db00a338fde8402787964195fddf6ffcb28add4f1589bcf391a8eb26641e309d
            • Instruction Fuzzy Hash: A34125707016019BDB29DB2DC98CB3BFBDAEF89220F088659E9158B394DB30D811C692
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a8c650c3f2f4b8e9246ef3331c289eba3ff56bb57fb52e42a10b6843aef1a675
            • Instruction ID: 6896321c3f81ba5daa52d8fad44db2d99849c83a4b2b855e212a948312ba62ca
            • Opcode Fuzzy Hash: a8c650c3f2f4b8e9246ef3331c289eba3ff56bb57fb52e42a10b6843aef1a675
            • Instruction Fuzzy Hash: C9518D72900216EFCB21DFA9C9849AEFBF9FF88214BA04659D545A7309D770AE41CFD0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 50167faf002292634da9913cd8c245a8e0f50d54b19e0c672b6098b9f3f105d1
            • Instruction ID: 51f12596245535a2ec74774854576570c018d29e357a1130d97d1eff5b355896
            • Opcode Fuzzy Hash: 50167faf002292634da9913cd8c245a8e0f50d54b19e0c672b6098b9f3f105d1
            • Instruction Fuzzy Hash: 4A412A72E003029BDF65EF69A895FAAF768EB58708F00017CFD169B245D7F19A00CB90
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction ID: 1df99fbdb7486ae86913550185994b8ecf984a3d15bb95d2e9e4e9d995a98567
            • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
            • Instruction Fuzzy Hash: 5B412D71A007069FCB25CF28C888A6BF7E9FF88210B05466DE91287645EB30FE14C7D0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5b78377f977a9d48aaab0a78129f8063ffd255bc7ca5554de6b2d58da3af77ed
            • Instruction ID: c960f0d32ce83a57d76ab66f097992065e5fc7b321d3356d3572ce272b1bb86a
            • Opcode Fuzzy Hash: 5b78377f977a9d48aaab0a78129f8063ffd255bc7ca5554de6b2d58da3af77ed
            • Instruction Fuzzy Hash: 54418736A002199BDB54DF98C440AEEFBB4BF48710F14816EFD15AB341E7B59D41CBA4
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cbb8eeecbd7929612060d613afa3c857215c0a1060c887428f26db6a29d53ac1
            • Instruction ID: 1f78ffb8882b396c5f275a042e9b1e65e4e550475a00146905971f843301fdcf
            • Opcode Fuzzy Hash: cbb8eeecbd7929612060d613afa3c857215c0a1060c887428f26db6a29d53ac1
            • Instruction Fuzzy Hash: 6D41E6726043019FD721EF28C884A2BF7E9FF88224F104869E597C7356EB34E8848B54
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction ID: abcccb145c8f5796743e0dcd8e2f62e2b7a559093b7a1861d1974bd0d095fb17
            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
            • Instruction Fuzzy Hash: 5A517A75A01619CFCB15CF9DC480AAEF7B2FF84710F2881A9D915AB351D730AE86CB90
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 54cdb137fd1da61f7086e91762bc8521a3278dba42ba4f4fec6f4a4474da85eb
            • Instruction ID: 24498ab5f7a40e449c6405bb27eeb39a5611cbe770d2d1e690b0aefcbcb6946d
            • Opcode Fuzzy Hash: 54cdb137fd1da61f7086e91762bc8521a3278dba42ba4f4fec6f4a4474da85eb
            • Instruction Fuzzy Hash: 4C513971944226DBDB25DB28CC04BE8FBB5FF15304F1442E6E929972C6E7749982CF80
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 32f64544cd46a171d8acdc4e77b81aec54228b480b2cc025bfe09739cfae362f
            • Instruction ID: 24d9aa149488f5b624fd5112c73292f7b70db8f8e7f44c41e76e59a669a18b95
            • Opcode Fuzzy Hash: 32f64544cd46a171d8acdc4e77b81aec54228b480b2cc025bfe09739cfae362f
            • Instruction Fuzzy Hash: 9C418175A002299BDF21DF68C944BEAF7B8AF49740F0100E5E909AB241DB749E81CFA1
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction ID: 6ba6deed1fc95d9e7b1a7d9c945859dcb169b4e877bb1a09aa972936fcbf7790
            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
            • Instruction Fuzzy Hash: F2418675B10105ABDB15DF99CC88AAFFBFAAF8C714F1440A9E904A7346DA70DD01CB61
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 98eacc5a5fabc49f0b0815114b63629f388536ad016d9390bed1615b6cc58f4a
            • Instruction ID: 12f32f77ba5321fa813aec699e4f2fc029480b845d09f4eeaa6f7a864ba981f0
            • Opcode Fuzzy Hash: 98eacc5a5fabc49f0b0815114b63629f388536ad016d9390bed1615b6cc58f4a
            • Instruction Fuzzy Hash: A241A0B17007129FE725CF28C484A26F7F9FF89314B144AADE58787A51E770E946CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: df6c5acf11cd2525add458959051b8a96b5d4665354056d180e125e05b1e063e
            • Instruction ID: 01a0ace3f7445ca3f454698293121537f74e818cf663fa41b926098a4c35e7ec
            • Opcode Fuzzy Hash: df6c5acf11cd2525add458959051b8a96b5d4665354056d180e125e05b1e063e
            • Instruction Fuzzy Hash: 35419F32A80205CFDB25DF6CD5947ADFBB4BB58310F1801A5D412BB395DB349A40CFA0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fadce2db8da96b72a1831cca5265afeb9fc2ecf3f2adbce792fef97249d9e25d
            • Instruction ID: 09f7721ac188b0c2895f0bf451b2ae26ec2ee41622b0d5fcef6157cf7b36b015
            • Opcode Fuzzy Hash: fadce2db8da96b72a1831cca5265afeb9fc2ecf3f2adbce792fef97249d9e25d
            • Instruction Fuzzy Hash: A9411372A00212CBD724DF58C884B5AFBFAFB98714F14816AD9019B75AC736D982CF91
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e514aeb960d9bcc1247c6df8311646aee985129f3edc7297606348d26f56a410
            • Instruction ID: a3d112b63e0ded1ef17c9e71502c8d8ce452635b191eb39bcdc2af2071a8d935
            • Opcode Fuzzy Hash: e514aeb960d9bcc1247c6df8311646aee985129f3edc7297606348d26f56a410
            • Instruction Fuzzy Hash: CB4138315087469FD712DF69C840A6BF7E9AF88B54F40092AFA94D7254E730DE058BA3
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction ID: 60a739f0a42213b14bbead091980dfd687dc9cfbe2af467f07a8773776fb791c
            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
            • Instruction Fuzzy Hash: 22415B31A01255DFDF21DE6D8484BBAFB71EB90B54F5580AAE9459B24CE733CD80CB90
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f4fabcd124cc8001654996c2f1dffb84f12d15f84e65d09cbfb8beeb5c9d2253
            • Instruction ID: 6209a7757f6eff8a0996b756ff712051c813ab4b75ac3190360e8c809b5bcede
            • Opcode Fuzzy Hash: f4fabcd124cc8001654996c2f1dffb84f12d15f84e65d09cbfb8beeb5c9d2253
            • Instruction Fuzzy Hash: 80417771600611EFD721CF18C840B26FBF4FF58314F608A6AE4898B252E770EA42CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction ID: 68a8a46b426686f3b45b236e540829c88492d97e0d48a9b13c2120537778b717
            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
            • Instruction Fuzzy Hash: F5411871A00605EFDB64CF98C980AAAFBF8FF18700B10496DE956D7651E370EA44CF90
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9bb5c6dc7a7272a65e106014afa6f6ede86fc6ea270d8e76721bfb70b79bf2e4
            • Instruction ID: 3a7955f94aad24237177f09aaa074ace72e931b5b545847a279126bf355a414f
            • Opcode Fuzzy Hash: 9bb5c6dc7a7272a65e106014afa6f6ede86fc6ea270d8e76721bfb70b79bf2e4
            • Instruction Fuzzy Hash: 8D41E072505715CFCB22EF28C904B59F7B5FF48310F2086A9C9169B6A6EB70DA42CF41
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 78fd839794c79a1645fb70239ea33d27ccce68084355f48d4be083b21ded7c3a
            • Instruction ID: 5a5202fb9e33d4535b81aaadb38743fc1005edb6faa3f5a6a4e30dc12a49bd66
            • Opcode Fuzzy Hash: 78fd839794c79a1645fb70239ea33d27ccce68084355f48d4be083b21ded7c3a
            • Instruction Fuzzy Hash: BF3168B2A00349DFDB52CF68D440B99FBF4EF09714F2085AED519EB251D3729902CB90
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: de6fba360d6f186d220d2cb39200c8c4455683ba927b67f756373ac82467568f
            • Instruction ID: 5edf7d7f8bba7aed7d810734bc6438a1030896d64345f2571034dbb69abdfde3
            • Opcode Fuzzy Hash: de6fba360d6f186d220d2cb39200c8c4455683ba927b67f756373ac82467568f
            • Instruction Fuzzy Hash: E9417BB29083019BD760DF29C845B9BFBE8FF88614F404A2EF998C7295D7709944CB92
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 159fcb8eaaccda8b17f82fcca780e38e749160b9ebf2b08e290f3f9e82f872fc
            • Instruction ID: dd1a78a9d32def2b7618f51c151f6cf163333f4d46a186f8451a0519d676b46a
            • Opcode Fuzzy Hash: 159fcb8eaaccda8b17f82fcca780e38e749160b9ebf2b08e290f3f9e82f872fc
            • Instruction Fuzzy Hash: 3C41EF72E05616AFCB01DF1CC880AA8F7B1BF54760F24822DD815A7288DB34ED419B91
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b2ce07a24675eabd378fe2d2477649861cdd9198ca987dac96d9da64c88e6d66
            • Instruction ID: fe5c928bb62479fd26248d4c7ff6e57859b416532cee9f1969bd7f15b98d376b
            • Opcode Fuzzy Hash: b2ce07a24675eabd378fe2d2477649861cdd9198ca987dac96d9da64c88e6d66
            • Instruction Fuzzy Hash: BE41CF726086469FC320DF68C840A6AF7E9FFC8700F540A29F995DB680E730E914C7A6
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d251029b2a957951c1ead72ceae6c133cb77eb58b3afbc3c4123246bf49712a6
            • Instruction ID: f52336bd9d106fbfaebfa0eee8b88e205d4c0e1c213156404207e5eb38dcf6c4
            • Opcode Fuzzy Hash: d251029b2a957951c1ead72ceae6c133cb77eb58b3afbc3c4123246bf49712a6
            • Instruction Fuzzy Hash: 3C41C2317043128FD725DF28D898B2AFBE9EF80354F14486DE6968B296DB70D942CB51
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5952534c1044ca305af2c62c5d1d348630295f900880f7b1a1a520b1351fba57
            • Instruction ID: 74d56359c663def14efd9a7820100fb802843adfc9ecb33718eab767573fd13a
            • Opcode Fuzzy Hash: 5952534c1044ca305af2c62c5d1d348630295f900880f7b1a1a520b1351fba57
            • Instruction Fuzzy Hash: DD417F71A01615CFCB15DF6DC98099DFBF1FF88320F2486AAD466A7394D734A941CB41
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction ID: 0980f9cbfed231041c8fc483c8dacbf91242dd045d75ec78a12cb6d141c398c8
            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
            • Instruction Fuzzy Hash: D7311631A04245AFDB129B68CC88B9BFFE9AF54750F0441A9F855D7357C6B4D884CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Memory Dump Source
            • Source File: 00000003.00000002.1500085807.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_400000_SecuriteInfo.jbxd
            Yara matches
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e808c0b2724c82c78797f4c7a32c6f73242c266a538061b677c52324377b57e8
            • Instruction ID: c79646c41a7b9a2f75cf4af04a38e79a3505e8bf750d236a472815ac6483e6e5
            • Opcode Fuzzy Hash: e808c0b2724c82c78797f4c7a32c6f73242c266a538061b677c52324377b57e8
            • Instruction Fuzzy Hash: 97115C719482499FDB01CFA8C5416EEBFB0FB8A214F0841A6D889E72C2E6359522CBC1
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 19c2e6626f1a42cf1b4668912bdfcf0dad97142a5c921ef35751786031a9ce07
            • Instruction ID: 5a3446bac1f8d263224e5638e3838d8d15ffc746ecf829a137b9746eee0b7d56
            • Opcode Fuzzy Hash: 19c2e6626f1a42cf1b4668912bdfcf0dad97142a5c921ef35751786031a9ce07
            • Instruction Fuzzy Hash: 2F217C31A00205DFCB14CF58C580A6AFBF6FB88314F34416DD105AB391D772AE06CB91
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5ad8cd859efb58498d0547162d63cf683dab516b56027109e5fc7df78ef6317d
            • Instruction ID: 353315aa9678f3217e453cb508bb30a29ba4587d8e61876a8226647ce66ef38a
            • Opcode Fuzzy Hash: 5ad8cd859efb58498d0547162d63cf683dab516b56027109e5fc7df78ef6317d
            • Instruction Fuzzy Hash: F0218E71500A00EFD7608F68C840B66F7F8FF84350F44882DE99AC7651DAB0F940CB60
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bcae52c933b0f95a12a565a1fead48b9bd72ec90e47240e7387e556d70552cf4
            • Instruction ID: 46059bce567909894f35db24f9b54085310cb0f680a70a51e4fa35523ed79bd7
            • Opcode Fuzzy Hash: bcae52c933b0f95a12a565a1fead48b9bd72ec90e47240e7387e556d70552cf4
            • Instruction Fuzzy Hash: 45119132280514EBD722DB59C984FDAF7A8EB99A50F114069F315DB251DB70E901C7A0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: dca1c3b37e711551eef9493e551710bfb97c0e541d50567e8937fd8054306891
            • Instruction ID: 0d3a87eb956f17bb3e858172471d9ae9a0bdcf307b1fdc28692cf7c8d2b00504
            • Opcode Fuzzy Hash: dca1c3b37e711551eef9493e551710bfb97c0e541d50567e8937fd8054306891
            • Instruction Fuzzy Hash: E7112B373001149FCB19DB29CC85A6BF25AEFD5374B354929DA22CB295EE709D42C391
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9242986fffc594e777bfd7ae92f23bbeed6aa497e3bd733eda7ab895b8d17450
            • Instruction ID: a42362c878e0d534f7d7b03bb57344259df00f54af63741ac1180d4e228e6bfe
            • Opcode Fuzzy Hash: 9242986fffc594e777bfd7ae92f23bbeed6aa497e3bd733eda7ab895b8d17450
            • Instruction Fuzzy Hash: 0F112076A01205DFCB65CF59C880A0AFBF8EF84210B5184B9ED059B315F7B0DE00CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction ID: d66fa6402fcfbb079c3bb48ef2cad1c19fa3b6a467cbe70907c7c334ed3ed5c2
            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
            • Instruction Fuzzy Hash: 83110436A00909AFDB19CB58C809B9DFBF5EF88210F058269E84597344E671AE51CBC0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
            • Instruction ID: 5d618c3ae63ea1691159041bf3784480e0b189626bad9b0cd45f60c340d86b33
            • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
            • Instruction Fuzzy Hash: 4321C4B5A40B459FD3A0CF29D541B56BBF4FB48B10F10492EE98AC7B50E371E854CBA4
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 34149453423321291395e97f7fd3819a3172f725e32b460b5e1285cbc3092280
            • Instruction ID: e3836e81eb4ad8f4b3ddfb68caa721ebc21f057a8c64aeeb7d9e4806cb52fad0
            • Opcode Fuzzy Hash: 34149453423321291395e97f7fd3819a3172f725e32b460b5e1285cbc3092280
            • Instruction Fuzzy Hash: E7F052754013458FE3A3CB1CC008B12FBDCDB00BA0F089465CD0283102C2F0EA80CAB1
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction ID: 7e3263d9453a14a363c5473b0b566d16ccc8bbe6115ac88821c1d9dc771031dc
            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
            • Instruction Fuzzy Hash: BBE0D8323406012BE7119E598CC4F47B76EDFD6B10F040079BA046F256C9E2DC0983A4
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction ID: 1ffcc90f6d9c61fa8edd1dc793de7eee5e53c147195da2c9bce64abc594b2b4d
            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
            • Instruction Fuzzy Hash: 46F030721442049FE3218F0AD984FA2F7F8EB45364F45C065F7099B561D379EC40CBA4
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction ID: a60a64a99d899e22b1216288f34a7abc795f78f510e8750659c929e2dea12127
            • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
            • Instruction Fuzzy Hash: 26F0ED7A2047599BEF16CF19D040AA9FBA8FB41360F0000D4F8428B312EB31E982CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction ID: 552f34b5ada7150f6e2a44dfebcf9d6d5e01f0ecde9da8496a4823c90d1011ff
            • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
            • Instruction Fuzzy Hash: 84E0D832244145ABD3E15B698808B66F7A5EBD47A0F150429EA0A8B150FBF0DDC0C7E8
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 14d873a0cad315b37c7714773860f12b4165bb40ec7a669b5c6aa37f6a411d80
            • Instruction ID: 8295c67d41e19dcaaf613340c6ce68670795bb76842adec8c6cc4c54274ca35d
            • Opcode Fuzzy Hash: 14d873a0cad315b37c7714773860f12b4165bb40ec7a669b5c6aa37f6a411d80
            • Instruction Fuzzy Hash: 9AF02B31A255918FE772D72CD944F53F7E1AF10630F0A055CD50287B12C320DC40C650
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction ID: dfd35df86792d67f96201709e3282fa6d8929ec0d4ff85dc2ef36d452057e85e
            • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
            • Instruction Fuzzy Hash: A1E0DF32A40210BBDB2197998D05F9AFEACDF94FA0F050058BA01EB194E570DE00D690
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction ID: be1e45946513e199d0f8cc9cb11467fc55fc02cba93d49086b4e9e2111cfe09d
            • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
            • Instruction Fuzzy Hash: 14E09B316803508FCB258A1DC140A53F7EDDFB5661F1580ADEA1547713C231F842D6D0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 77b374d3576fc3f264ade51420b88eca07fe438d6f3f2890f66dee28470c84bd
            • Instruction ID: 83e8d3dac7a5e5fe886ecfa84686662fae01c8a8d531eb4486a056f8794bd155
            • Opcode Fuzzy Hash: 77b374d3576fc3f264ade51420b88eca07fe438d6f3f2890f66dee28470c84bd
            • Instruction Fuzzy Hash: 08E092321005549BC321BB29DD05F8AB79AEFA0360F114515F15657195CB34A911C788
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction ID: e7f0eac7b307b08fe0503c1808118323dcb05bc12d6c18ac38c2e8dfb0195ed1
            • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
            • Instruction Fuzzy Hash: D9E01231010651DFE7366F2AD94CB52FBF5FF50711F188C2DA19A125B5CBB598C1DA40
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction ID: 2aae1185f700419f3df1cbee61f3558dcaf5011d4f00b1b1e35f1e5636555c3e
            • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
            • Instruction Fuzzy Hash: 65E0C2343403058FE715CF19C040B63BBB6BFD5A10F68C1A8A9498F205EB73E842DB40
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fa3257983272d7532ff096f1130c59d343505b1b55c471658987ac0ef5fbefad
            • Instruction ID: e4ac01a864fbf92128efd6e28bd6dac35e89403afe83c4868f1576264501d28f
            • Opcode Fuzzy Hash: fa3257983272d7532ff096f1130c59d343505b1b55c471658987ac0ef5fbefad
            • Instruction Fuzzy Hash: 32D02B328C51706ACFB7E1187C08FD3BF5D9B44220F014870FA0896015E5B4CD8186D4
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction ID: 23e93a4554dba31c8fc5995ce1f040ea4c4eff5cd27c866a996a35f405894a57
            • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
            • Instruction Fuzzy Hash: 07E0C231008A10EFDB332F19DC08F91F6A5FF94B10F244869E485160AD8774AC81CB45
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 70206bc5a5272c898c3a9705768fca4f0b882c64796c4b67c37ee06081f4e2aa
            • Instruction ID: 008354cf0a3a039c0be97cf1249bd8f9cd0f87f891040edbaa3794bc5700ad0d
            • Opcode Fuzzy Hash: 70206bc5a5272c898c3a9705768fca4f0b882c64796c4b67c37ee06081f4e2aa
            • Instruction Fuzzy Hash: BBE0C2332004606BC321FB5DDD00F4AB39EEFA4360F110221F191876D8CB64ED01C794
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction ID: 04f4c44b810308be24a567837cef6f6203588fd3da89ba6471c1b997c78958b6
            • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
            • Instruction Fuzzy Hash: 73D05E36511A50AFD7329F1BEA04C13FBF9FBC4A107060A2EA54583A24C670AC06CBA0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction ID: 2f49f86a4fa9eb01d2fe9e437a6a698ecaf946a8f554130fc7ebbeaaf1766236
            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
            • Instruction Fuzzy Hash: 99D0A7321045105BD7329A1CFC04FC373D8BB88720F050459B014C7051C364AC41C644
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
            • Instruction ID: bedca41c6b970f819cfdf0e0a0088ef1d9dc70f7c8e305f2a3622cfb693376fa
            • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
            • Instruction Fuzzy Hash: 81E08C319406809BCF22DF59D644F4AFBB4BB84B00F150004E0085B264CA24A800CB40
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction ID: f42f154460297f27a3fa4f1e6794ea2db0c3414b807f70de5aca607e8d022ac0
            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
            • Instruction Fuzzy Hash: 2DD022322130B193CB2856596904F63E915ABC0A90F1A006C340A93808C0088C42D2E0
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction ID: 93a2ca660342b80205369f485a473ba640649d0bdd486155343277519afaaee6
            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
            • Instruction Fuzzy Hash: 4DD012371D054DBBCB219F66DC01F957BA9E7A4BA0F444420B514875A1C63AE950D584
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9ca84bdc7ce9619f4a55d0dd5ef698cf07ce9e8de6a87aa844ddab0203b9a8f7
            • Instruction ID: 35699baf5041f521e87f2e440c011da16d1bf4ebad1990aad3838bfa3e11d843
            • Opcode Fuzzy Hash: 9ca84bdc7ce9619f4a55d0dd5ef698cf07ce9e8de6a87aa844ddab0203b9a8f7
            • Instruction Fuzzy Hash: E7D0A731501109CBDF27CF08C510E2EFA78FF20A41F50006CEB0051030E378ED01CA00
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction ID: 6c3991655045e4bce9ee4161ec9900442ba4524de228c90053e02e52355a2483
            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
            • Instruction Fuzzy Hash: F5D0C935256E80CFD61BCB0CC5A4F15B3A8BB84B44F8104D0F402CBB22D66CD940CA00
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction ID: 0e32b51943ece1c2e8244a01b90d73fcaf6bc13fe0cf665c3abf4282aea1fbb9
            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
            • Instruction Fuzzy Hash: 94C01232150644AFC7119A95CD01F0177A9E798B40F000421F20447571C535E810D644
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction ID: c040c1c995ea8c74d2756d216bfd520b6850d84bf7bb8be5e1f410fa7d5b39c2
            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
            • Instruction Fuzzy Hash: 4BD01236100248EFCB01DF41C890D9ABB2AFBD8710F108019FD19076108A31ED62DA50
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction ID: e11e849fc49f1ea090c857721c97b72101e0f2bde606ff22fae08da391387c4a
            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
            • Instruction Fuzzy Hash: 6DC04C797115458FCF15DB19D298F45B7E4F744750F1508D0E805CB722E624E841CA10
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 29405e3384a7753a84af1dabeb16da14ba0d74455aafed1850786b6f6e45e4f8
            • Instruction ID: 151623b109fa8e559b6715744bb265f27a38d42bff7df8fc593afbf0e4c60735
            • Opcode Fuzzy Hash: 29405e3384a7753a84af1dabeb16da14ba0d74455aafed1850786b6f6e45e4f8
            • Instruction Fuzzy Hash: F8900231609900129640715888885468005A7E0301F56C031E0424564CCA148B565362
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7eb62cf5dd73879dc9a40d521104e503e33ec8ada295cb34fb69a4d114e31b08
            • Instruction ID: d3212ac0034a23b53360300ce51f5e44225d8bf62cc46839888b3f953eb4d329
            • Opcode Fuzzy Hash: 7eb62cf5dd73879dc9a40d521104e503e33ec8ada295cb34fb69a4d114e31b08
            • Instruction Fuzzy Hash: 9A90026160560042464071588808406A005A7E1301796C135A0554570CC6188A55936A
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 31621645318e66b44b8fd572ae59d8afbbd2d217c074c4f39523de17d0a02042
            • Instruction ID: 6337b76b7c43efd9f372869b640c8484cec07f3ad79985103abda25e8bdfebe6
            • Opcode Fuzzy Hash: 31621645318e66b44b8fd572ae59d8afbbd2d217c074c4f39523de17d0a02042
            • Instruction Fuzzy Hash: EA90026120650003460571588418616800A97E0201F56C031E10145A0DC5258A916226
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 307f54e14c0a11529613c0adb7111d100e86a3f3acaebeaf713f840171b7bd9a
            • Instruction ID: ba0227ef09325f0c1c79577f04145f88b630df89539712e1318c10468169fc13
            • Opcode Fuzzy Hash: 307f54e14c0a11529613c0adb7111d100e86a3f3acaebeaf713f840171b7bd9a
            • Instruction Fuzzy Hash: 7490023120550802D6807158840864A400597D1301F96C035A0025664DCA158B5977A2
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ceb4971e21628a8e668e6e36dcdadbf680cabff2ae5f6e7d7b8e82df15f543b4
            • Instruction ID: 3c2aacf0cd395cd03a4af7e9b45b3b430fa098cd9380c7b7f42c0b91a8ce04c6
            • Opcode Fuzzy Hash: ceb4971e21628a8e668e6e36dcdadbf680cabff2ae5f6e7d7b8e82df15f543b4
            • Instruction Fuzzy Hash: 0090023120954842D64071588408A46401597D0305F56C031A00646A4DD6258F55B762
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6fb5b4764b72a050a8247120bd175e9cd57cf08ed0f3e3399c90f9a76a870fc4
            • Instruction ID: 0715c8951cf3d83ece13f569c07865cf7debaee774d1d52b7b7e51d49cd6ffa3
            • Opcode Fuzzy Hash: 6fb5b4764b72a050a8247120bd175e9cd57cf08ed0f3e3399c90f9a76a870fc4
            • Instruction Fuzzy Hash: 7B90023160950802D65071588418746400597D0301F56C031A0024664DC7558B5577A2
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 14b006a843e67b9d31218cccbeef6c2565cef0a6aa76de87324b4ced519f21e8
            • Instruction ID: 01cc52ba4426bd97b257de4e048b0990d000cc8fa79a75e4694c56b58a59a67d
            • Opcode Fuzzy Hash: 14b006a843e67b9d31218cccbeef6c2565cef0a6aa76de87324b4ced519f21e8
            • Instruction Fuzzy Hash: CB90023120550802D60471588808686400597D0301F56C031A6024665ED6658A917232
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3236472c8b4cda0ef1416964d8572b0b46b0f52144d21812863e99dce35bc1a6
            • Instruction ID: 0dc78222d005ba8d6fc12aa139e0184226f1e869cb76721644ed2cc9570cc3f5
            • Opcode Fuzzy Hash: 3236472c8b4cda0ef1416964d8572b0b46b0f52144d21812863e99dce35bc1a6
            • Instruction Fuzzy Hash: 57900225225500020645B558460850B4445A7D6351796C035F14165A0CC6218A655322
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: af822ff0ca7abf6a0152b99e903ad33737f7fd5e6caf58bab666df4e0a19412b
            • Instruction ID: f3a278736c3d0b104c3b7b95493499654c0e79b644abde0cd659de498126eb95
            • Opcode Fuzzy Hash: af822ff0ca7abf6a0152b99e903ad33737f7fd5e6caf58bab666df4e0a19412b
            • Instruction Fuzzy Hash: 8F900225215500030605B5584708507404697D5351756C031F1015560CD6218A615222
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 02b42350d818b09e9dfaa71b294d52bf73c199d6e88f07fc7d287112fc5971d2
            • Instruction ID: 6f2e07dee98cd8bf884e6ddc7aa62b9783fa0cf27d1e58f7a2f2cbbd6e326979
            • Opcode Fuzzy Hash: 02b42350d818b09e9dfaa71b294d52bf73c199d6e88f07fc7d287112fc5971d2
            • Instruction Fuzzy Hash: 679002A1205640924A00B258C408B0A850597E0201F56C036E1054570CC5258A519236
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9c2506ff7880a8f1d2f8de661288ebbb2f96d90664aef1efb2c0aae20b7a6697
            • Instruction ID: 241eb77a3f01bea4e4816fc94d0724dfb22e7d2114b791f4472a6e1b9a9fe36d
            • Opcode Fuzzy Hash: 9c2506ff7880a8f1d2f8de661288ebbb2f96d90664aef1efb2c0aae20b7a6697
            • Instruction Fuzzy Hash: 8990022130550003D6407158941C6068005E7E1301F56D031E0414564CD9158A565323
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fc24eb850970b50978852d610c4c11e7cffcb17b6e315fe70d03ab141af8da8f
            • Instruction ID: 961e57edceb6e5fb3b6fc91422f37daa204f0a112674188c222c09ddb10381dc
            • Opcode Fuzzy Hash: fc24eb850970b50978852d610c4c11e7cffcb17b6e315fe70d03ab141af8da8f
            • Instruction Fuzzy Hash: 5290022921750002D6807158940C60A400597D1202F96D435A0015568CC9158A695322
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: 0254376a9836a6fc6d798ddbb9bfe2ce9649f23f404270ac800f6820e902fb0c
            • Instruction ID: b1c81f082015e3e1ff10aa9068d89fecfdd11b82b8a53be36107d0e4522771e2
            • Opcode Fuzzy Hash: 0254376a9836a6fc6d798ddbb9bfe2ce9649f23f404270ac800f6820e902fb0c
            • Instruction Fuzzy Hash: 7F51D5B1B00216AFDF51DB9C8C9097EFBBCBB48240B14C169E965D7646D734DE04CBA0
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: e434be150d1d5034ae9b426946a4487198b04ac5848658ae6d8fc0e594c479c2
            • Instruction ID: 2484f09295321102679f4ece7783770374025f08f51f0e7e7bec6b488a5b1c37
            • Opcode Fuzzy Hash: e434be150d1d5034ae9b426946a4487198b04ac5848658ae6d8fc0e594c479c2
            • Instruction Fuzzy Hash: D451F6B1A0064AAECB31DF5CC99097FFBF8EB44200B648899E997D7646E674DE018760
            Strings
            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01794725
            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017946FC
            • Execute=1, xrefs: 01794713
            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01794787
            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01794742
            • ExecuteOptions, xrefs: 017946A0
            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01794655
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
            • API String ID: 0-484625025
            • Opcode ID: 1da4f8b72122beb2543e649d482df790e5d0dc61435ea2332d9126a198b55d87
            • Instruction ID: c36553e278c428ac8b2bdb3c7bf9d8ce048224f4f87d58cf864866e6b4ab8ef9
            • Opcode Fuzzy Hash: 1da4f8b72122beb2543e649d482df790e5d0dc61435ea2332d9126a198b55d87
            • Instruction Fuzzy Hash: 75511B71600219AAEF15AAA8EC99FADF7ACEF14304F8400D9EA05A71C1D7B0DA45CF61
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-$0$0
            • API String ID: 1302938615-699404926
            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction ID: fc667bba44a4044465d3398c88dc1083ffdf979374424fc90857a48f389340eb
            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
            • Instruction Fuzzy Hash: CC81A070F4524A9EEF258E6CC8917FEFBB9AF46320F18415ADD51E7291C73898408B91
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$[$]:%u
            • API String ID: 48624451-2819853543
            • Opcode ID: 6c1e76bfc361b309b35f0d55fab752050962925252ed9f410fa94e8612ae5d7d
            • Instruction ID: 8c6c7795221a3f309ec49c41f5346410c9e0435daa3245c2ea01b1541b0e0358
            • Opcode Fuzzy Hash: 6c1e76bfc361b309b35f0d55fab752050962925252ed9f410fa94e8612ae5d7d
            • Instruction Fuzzy Hash: D921817AA0021DABDB11DE79CC44AAEFBF9AF54650F044116E915E3205E7319A028BA1
            Strings
            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017902BD
            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017902E7
            • RTL: Re-Waiting, xrefs: 0179031E
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
            • API String ID: 0-2474120054
            • Opcode ID: 184d412b8d9b2b05e641a933c2db52f6428320f2cace16b946ddacaf1f66c80a
            • Instruction ID: 0398d7809a5c936a496418bf9516e0741106963cf7f255da7569b1e117a08df3
            • Opcode Fuzzy Hash: 184d412b8d9b2b05e641a933c2db52f6428320f2cace16b946ddacaf1f66c80a
            • Instruction Fuzzy Hash: E6E1AB716187419FEB25CF2CD884B2AFBE4AB84314F140A5DF5A5CB2E1D774D948CB42
            Strings
            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01797B7F
            • RTL: Re-Waiting, xrefs: 01797BAC
            • RTL: Resource at %p, xrefs: 01797B8E
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 0-871070163
            • Opcode ID: b73db9e5875d0b868c59304b6010cef621bc701908d510ac43eea9d62b78625d
            • Instruction ID: 34376e181398082789d36b94b43678a357319e66b62b4c97609888c26fe7c05d
            • Opcode Fuzzy Hash: b73db9e5875d0b868c59304b6010cef621bc701908d510ac43eea9d62b78625d
            • Instruction Fuzzy Hash: 9B41D2317047029FDB25DE29D840B6AF7E6EF98710F100A1DFE5ADB680DBB1E9058B91
            APIs
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0179728C
            Strings
            • RTL: Re-Waiting, xrefs: 017972C1
            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01797294
            • RTL: Resource at %p, xrefs: 017972A3
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 885266447-605551621
            • Opcode ID: a0d34dd55dd3381ed20da8ad2ce97379d104de1433a61869d6e378bc15f0d536
            • Instruction ID: 41ccccec3631e508df0e5faae036b85c319b02d4541762d24077b5be8a1f0050
            • Opcode Fuzzy Hash: a0d34dd55dd3381ed20da8ad2ce97379d104de1433a61869d6e378bc15f0d536
            • Instruction Fuzzy Hash: 25411031614202ABCB25CE29DC81B6AFBA6FF94710F100658FD55AB280DB70E8068BD1
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: ___swprintf_l
            • String ID: %%%u$]:%u
            • API String ID: 48624451-3050659472
            • Opcode ID: 4b018c4e89ad893542348c7db9d3f304cbc189f5f7fb58baa2c8437803148803
            • Instruction ID: 1239a3370454f295d773961046354361464e60780b7f443ad738a404e22f19d9
            • Opcode Fuzzy Hash: 4b018c4e89ad893542348c7db9d3f304cbc189f5f7fb58baa2c8437803148803
            • Instruction Fuzzy Hash: F0314172A00219AFDB20DF2DCC44BAEF7B8AB54610F54455AED49E3245EF30AA458BA0
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: __aulldvrm
            • String ID: +$-
            • API String ID: 1302938615-2137968064
            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
            • Instruction ID: 42db155ea4b44b7f28b8b00fa33eb8e18384742468fcba5fd978021afddd3ca8
            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
            • Instruction Fuzzy Hash: B491D671E002069BEF28CF6DC881AFEFBA9EF447A8F54451AED55E72C4D73489818B11
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID:
            • String ID: $$@
            • API String ID: 0-1194432280
            • Opcode ID: 6e7c940d83f2fccf37da5863615b81d3e7fbc7cab1c585d867ee54c6da86aba5
            • Instruction ID: b9d07e1727f254928b0668f64349f3f947d95071648d9182a0a8e9088cb2ec01
            • Opcode Fuzzy Hash: 6e7c940d83f2fccf37da5863615b81d3e7fbc7cab1c585d867ee54c6da86aba5
            • Instruction Fuzzy Hash: CD812A71D402799BDB319B54CC44BEAF7B8AF48714F1441EAEA09B7241E7709E85CFA0
            APIs
            • @_EH4_CallFilterFunc@8.LIBCMT ref: 017ACFBD
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.1500617309.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_3_2_16f0000_SecuriteInfo.jbxd
            Similarity
            • API ID: CallFilterFunc@8
            • String ID: @$@4_w@4_w
            • API String ID: 4062629308-713214301
            • Opcode ID: c947538d8c760a6ee067b4c3ae726fd7f69aa054e05ff6e09db42c71bdac6664
            • Instruction ID: 0cecd451173ab2f64df69d689d345252cdf160cc3ab290731d8c203cb063335e
            • Opcode Fuzzy Hash: c947538d8c760a6ee067b4c3ae726fd7f69aa054e05ff6e09db42c71bdac6664
            • Instruction Fuzzy Hash: A241C172940215DFDB319FA9C884AAEFBB8FF94B10F10462AE914DB359E774C901CB61